USN-926-1: ClamAV vulnerabilities
Ubuntu Security Notice USN-926-1 April 08, 2010
clamav vulnerabilities
CVE-2010-0098
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  libclamav6    0.95.3+dfsg-1ubuntu0.09.04~intrepid3

Ubuntu 9.04:
  libclamav6    0.95.3+dfsg-1ubuntu0.09.04.1

Ubuntu 9.10:
  libclamav6    0.95.3+dfsg-1ubuntu0.09.10.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that ClamAV did not properly verify its input when
processing CAB files. A remote attacker could send a specially crafted
CAB file to evade malware detection. (CVE-2010-0098)

It was discovered that ClamAV did not properly verify its input when
processing CAB files. A remote attacker could send a specially crafted
CAB file and cause a denial of service via application crash.