Updated clamav packages fix multiple vulnerabilities
Multiple vulnerabilities were discovered in ClamAV and corrected with
the 0.93 release, including:
ClamAV 0.92 allowed local users to overwrite arbitrary files via
a symlink attack on temporary files or on .ascii files in sigtool,
when utf16-decode is enabled (CVE-2007-6595).
A heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers
to execute arbitrary code via a crafted PeSpin packed PE binary
(CVE-2008-0314).
An integer overflow in libclamav prior to 0.92.1 allowed remote
attackers to cause a denial of service and possibly execute arbitrary
code via a crafted Petite packed PE file, which triggered a heap-based
buffer overflow (CVE-2008-0318).
An unspecified vulnerability in ClamAV prior to 0.92.1 triggered heap
corruption (CVE-2008-0728).
A buffer overflow in ClamAV 0.92 and 0.92.1 allowed remote attackers
to execute arbitrary code via a crafted Upack PE file (CVE-2008-1100).
ClamAV prior to 0.93 allowed remote attackers to cause a denial of
service (CPU consumption) via a crafted ARJ archive (CVE-2008-1387).
A heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers
to execute arbitrary code via a crafted WWPack compressed PE binary
(CVE-2008-1833).
ClamAV prior to 0.93 allowed remote attackers to bypass the scanning
engine via a RAR file with an invalid version number (CVE-2008-1835).
A vulnerability in rfc2231 handling in ClamAV prior to 0.93 allowed
remote attackers to cause a denial of service (crash) via a crafted
message that produced a string that was not null terminated, triggering
a buffer over-read (CVE-2008-1836).
A vulnerability in libclamunrar in ClamAV prior to 0.93 allowed remote
attackers to cause a denial of service (crash) via a crafted RAR file
(CVE-2008-1837).
Other bugs have also been corrected in 0.93 which is being provided
with this update. Because this new version has increased the major
of the libclamav library, updated dependent packages are also being
provided.
[ MDVSA-2008:088 ] - Updated clamav packages fix multiple vu
Ensimmäinen lukematon viesti • 1 viesti
• Sivu 1/1
[ MDVSA-2008:088 ] - Updated clamav packages fix multiple vu
Kirjoittaja dude67 » 18 Huhti 2008, 09:58
1. Mageia-1 KDE4 x86_64 (& Win7 Pro) | desktop
2. Mageia-2 KDE4 (& Win7 Home Premium) | laptop Acer 7530
3. Mageia-1 KDE4 (& Win7 Starter) | Samsung NC-10 miniläppäri
4. Mageia-1 KDE4 | serverinä toimiva desktop
Luotettavaa Linux käyttöä jo Mandriva 2006.0:sta lähtien
-
dude67 - Site Admin
- Viestit: 2256
- Liittynyt: 27 Syys 2007, 16:58
- Paikkakunta: Espoo
1 viesti
• Sivu 1/1
Paluu Mandrivan turvallisuustiedotteet
Paikallaolijat
Käyttäjiä lukemassa tätä aluetta: Ei rekisteröityneitä käyttäjiä ja 41 vierailijaa