Bug 209915 - app-antivirus/clamav < 0.92.1 multiple vulnerabilities (CVE-2008-0318,CVE-2008-0728)
Bug#: 209915 (CVE-2008-0318)
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: normal
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: py@gentoo.org
Component: Vulnerabilities
URL: http://secunia.com/advisories/28907/
Summary: app-antivirus/clamav < 0.92.1 multiple vulnerabilities (CVE-2008-0318,CVE-2008-0728)
Keywords:
Status Whiteboard: B2 [glsa]
Opened: 2008-02-12 20:41 0000

Some vulnerabilities have been reported in ClamAV, which can be exploited by
malicious people to cause a DoS (Denial of Service) or to potentially
compromise a vulnerable system.

1) An integer overflow error exists within the "cli_scanpe()" function in
libclamav/pe.c. No further information is currently available.

2) An error within the "unmew11()" function in libclamav/mew.c can be exploited
to corrupt heap memory.
Successful exploitation may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 0.92.1.

Solution:
Update to version 0.92.1.

net-mail/antivirus, ok for fast-tracking stabilization of 0.92.1?
could someone please add "CVE-2008-0728" to the summary? (I don't have the
needed permissions)
Maintainers please advise.
I'm OK for 0.92.1 stabilization.
Arches please test and mark stable app-antivirus/clamav-0.92.1, target "alpha
amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
hmm, don't know why I rated this B3 at first... glsa request filed.
Fixed in release snapshot.