[Frugalware-security] [ FSA-238 ] clamav

vmiklos noreply at frugalware.org
Tue Aug 7 10:07:15 CEST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-238

Date: 2007-08-07
Package: clamav
Vulnerable versions: <= 0.90.2-1terminus2
Unaffected versions: >= 0.90.2-1terminus3
Related bugreport: http://bugs.frugalware.org/task/2257
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3725

Description
===========

Metaeye SG has reported a vulnerability in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a NULL-pointer dereference error within libclamav/unrar/unrarvm.c when handling RAR archives and can be exploited to cause a crash via a specially crafted RAR archive.

Updated Packages
================

Check if you have clamav installed:

	# pacman-g2 -Q clamav

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy clamav

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGuCgzZ7NElSD1VhkRAkkTAJ4qqTPP1xAYTMckT/RcJDft60wyGACfedO2
sT7T9s+bxUBcXpfJJhmO3es=
=R5Tf
-----END PGP SIGNATURE-----


More information about the Frugalware-security mailing list