MDVSA-2009:327 -- Mandriva clamavID: oval:org.secpod.oval:def:300588 | Date: (C)2012-01-07 (M)2022-02-11 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been found and corrected in clamav: Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive . libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service via a crafted EXE file that triggers a divide-by-zero error . libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service via a crafted file that causes clamd and clamscan to hang . The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service via a malformed file with UPack encoding . Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted URL . Important notice about this upgrade: clamav-0.95+ bundles support for RAR v3 in libclamav which is a license violation as the RAR v3 license and the GPL license is not compatible. As a consequence to this Mandriva has been forced to remove the RAR v3 code. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides clamav 0.95.2, which is not vulnerable to these issues. Additionally klamav-0.46 is being provided that has support for clamav-0.95+.
Platform: |
Mandriva Linux 2008.0 |