[Frugalware-security] [ FSA-155 ] clamav
voroskoi
noreply at frugalware.org
Tue Apr 17 13:32:38 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Frugalware Security Advisory FSA-155
Date: 2007-04-17
Package: clamav
Vulnerable versions: <= 0.90.1-1
Unaffected versions: >= 0.90.2-1terminus1
Related bugreport: http://bugs.frugalware.org/task/1946
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1997
Description
===========
Two vulnerabilities have been reported in Clam AntiVirus. One has an unknown impact, while the other can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
1) An unspecified file descriptor leak error exists within libclamav/chmunpack.c.
2) A signedness error exists within the "cab_unstore()" function in libclamav/cab.c. This can be exploited to cause a stack based buffer overflow via a specially crafted ".cab" file, and may allow execution of arbitrary code or crashing of the clamd process.
Updated Packages
================
Check if you have clamav installed:
# pacman -Q clamav
If found, then you should upgrade to the latest version:
# pacman -Sy clamav
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info
iD8DBQFGJLBVZ7NElSD1VhkRAvt0AJ9V5Bgm4LvS8G+6cReshYEz0+IvtgCfRQWx
4It7taTH8YLjFrIQChjOjKw=
=f7Z8
-----END PGP SIGNATURE-----
More information about the Frugalware-security
mailing list