Jump to content

Advisories (MDKSA-2006:067 ): clamav


Recommended Posts

Mandriva Advisories MDKSA-2006:067 : clamav


Updated clamav packages fix vulnerabilities

April 7th, 2006


Damian Put discovered an integer overflow in the PE header parser in ClamAV that could be exploited if the ArchiveMaxFileSize option was disabled (CVE-2006-1614). Format strings in the logging code could possibly lead to the execution of arbitrary code (CVE-2006-1615). David Luyer found that ClamAV could be tricked into an invalid memory access in the cli_bitset_set() function, which could lead to a Denial of Service (CVE-2006-1630). This update provides ClamAV 0.88.1 which corrects this issue and also fixes some other bugs.



The released versions of Mandriva GNU/Linux affected are:

  • CS3.0
  • 10.2
  • 2006.0

Full information about this advisory, including the updated packages, is available at:



Other references:





Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)

Link to comment
Share on other sites


  • Create New...