[ MDVSA-2009:327 ] clamav


Posted by dude67 » 12 Dec 2009, 17:36

_______________________________________________________________________

Package : clamav
Date : December 8, 2009
Affected: 2008.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in clamav:

Unspecified vulnerability in ClamAV before 0.95 allows remote
attackers to bypass detection of malware via a modified RAR archive
(CVE-2009-1241).

libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause
a denial of service (crash) via a crafted EXE file that triggers a
divide-by-zero error (CVE-2008-6680).

libclamav/untar.c in ClamAV before 0.95 allows remote attackers to
cause a denial of service (infinite loop) via a crafted file that
causes (1) clamd and (2) clamscan to hang (CVE-2009-1270).

The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1
allows remote attackers to cause a denial of service (application
crash) via a malformed file with UPack encoding (CVE-2009-1371).

Stack-based buffer overflow in the cli_url_canon function in
libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers
to cause a denial of service (application crash) and possibly execute
arbitrary code via a crafted URL (CVE-2009-1372).

Important notice about this upgrade: clamav-0.95+ bundles support
for RAR v3 in libclamav which is a license violation as the RAR v3
license and the GPL license are not compatible. As a consequence of
this Mandriva has been forced to remove the RAR v3 code.

Packages for 2008.0 are being provided due to extended support for
Corporate products.

This update provides clamav 0.95.2, which is not vulnerable to these
issues. Additionally klamav-0.46 is being provided that has support
for clamav-0.95+.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-6680
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1241
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1270
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1371
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1372
_______________________________________________________________________
1. Mageia-1 KDE4 x86_64 (& Win7 Pro) | desktop
2. Mageia-2 KDE4 (& Win7 Home Premium) | laptop Acer 7530
3. Mageia-1 KDE4 (& Win7 Starter) | Samsung NC-10 mini laptop
4. Mageia-1 KDE4 | desktop acting as a server
Reliable Linux use ever since Mandriva 2006.0 :)