aru
Posted April 8, 2006

Mandriva Advisories MDKSA-2006:067 : clamav

Updated clamav packages fix vulnerabilities

April 7th, 2006

Damian Put discovered an integer overflow in the PE header parser in ClamAV that could be exploited if the ArchiveMaxFileSize option was disabled (CVE-2006-1614).

Format strings in the logging code could possibly lead to the execution of arbitrary code (CVE-2006-1615).

David Luyer found that ClamAV could be tricked into an invalid memory access in the cli_bitset_set() function, which could lead to a Denial of Service (CVE-2006-1630).

This update provides ClamAV 0.88.1 which corrects this issue and also fixes some other bugs.

The released versions of Mandriva GNU/Linux affected are:

CS3.0
10.2
2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:067

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1630

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)