
Pardus alert 2010-55 (clamav)

From:  Eren Turkay <eren@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2010-55] ClamAV: Multiple Vulnerabilities
Date:  Tue, 20 Apr 2010 09:42:45 +0300 (EEST)
Message-ID:  <20100420064245.F3CA5A7AB21@lider.pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-55            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-04-20
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

A weakness and a vulnerability have been fixed in ClamAV, which can be
exploited by malicious people to bypass the scanning functionality or
potentially compromise a vulnerable system.


Description
===========

CVE-2010-0098:

ClamAV does not properly handle the (1) CAB and (2) 7z file formats,
which allows remote attackers to bypass virus detection via a crafted
archive that is compatible with standard archive utilities.

CVE-2010-1311:

The qtm_decompress function in libclamav/mspack.c in ClamAV allows
remote attackers to cause a denial of service (memory corruption and
application crash) via a crafted CAB archive that uses the Quantum
(aka .Q) compression format. NOTE: some of these details are obtained
from third party information.


Affected packages:

  Pardus 2009:
    clamav, all before 0.95.3-36-6

  Pardus 2008:
    clamav, all before 0.95.2-31-5


Resolution
==========

There are update(s) for clamav. You can update them via Package Manager
or with a single command from console:

  Pardus 2008:
    pisi up clamav

  Pardus 2009:
    pisi up clamav


References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=12637
  * http://secunia.com/advisories/39329/
  * https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826
  * https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771

------------------------------------------------------------------------

_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds