Jump to content

Advisories MDVSA-2010:082-1: clamav


Recommended Posts

Multiple vulnerabilities has been found and corrected in clamav:

 

ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file

formats, which allows remote attackers to bypass virus detection via

a crafted archive that is compatible with standard archive utilities

(CVE-2010-0098).

 

The qtm_decompress function in libclamav/mspack.c in ClamAV before

0.96 allows remote attackers to cause a denial of service (memory

corruption and application crash) via a crafted CAB archive that uses

the Quantum (aka .Q) compression format. NOTE: some of these details

are obtained from third party information (CVE-2010-1311).

 

This update provides clamav 0.96, which is not vulnerable to these

issues.

 

Update:

 

Packages for 2009.0 are provided due to the Extended Maintenance

Program.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...