MDVSA-2009:097 -- Mandriva clamav
ID: oval:org.secpod.oval:def:301218 | Date: (C)2012-01-07 (M)2022-02-11 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been found and corrected in clamav:

Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive.

libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service via a crafted EXE file that triggers a divide-by-zero error.

libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service via a crafted file that causes clamd and clamscan to hang.

The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service via a malformed file with UPack encoding.

Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted URL.

Important notice about this upgrade: clamav-0.95+ bundles support for RAR v3 in libclamav, which is a license violation because the RAR v3 license and the GPL license are not compatible. As a consequence, Mandriva has been forced to remove the RAR v3 code.

This update provides clamav 0.95.1, which is not vulnerable to these issues.
Platform: |
Mandriva Linux 2009.0 |
Mandriva Linux 2008.1 |