"Gentoo Linux Security Advisory GLSA 200909-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Clam AntiVirus: Multiple vulnerabilities
Date: September 09, 2009
Bugs: #264834, #265545
ID: 200909-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in ClamAV allow for the remote execution of
arbitrary code or Denial of Service.
Background
==========
Clam AntiVirus (short: ClamAV) is an anti-virus toolkit for UNIX,
designed especially for e-mail scanning on mail gateways.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-antivirus/clamav = 0.95.2
Description
===========
Multiple vulnerabilities have been found in ClamAV:
* The vendor reported a Divide-by-zero error in the PE ("Portable
Executable"; Windows .exe) file handling of ClamAV (CVE-2008-6680).
* Jeffrey Thomas Peckham found a flaw in libclamav/untar.c, possibly
resulting in an infinite loop when processing TAR archives in clamd
and clamscan (CVE-2009-1270).
* Martin Olsen reported a vulnerability in the CLI_ISCONTAINED macro
in libclamav/others.h, when processing UPack archives
(CVE-2009-1371).
* Nigel disclosed a stack-based buffer overflow in the
"cli_url_canon()" function in libclamav/phishcheck.c when processing
URLs (CVE-2009-1372).
Impact
======
A remote attacker could entice a user or automated system to process a
specially crafted UPack archive or a file containing a specially
crafted URL, possibly resulting in the remote execution of arbitrary
code with the privileges of the user running the application, or a
Denial of Service. Furthermore, a remote attacker could cause a Denial
of Service by supplying a specially crafted TAR archive or PE
executable to a Clam AntiVirus instance.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Clam AntiVirus users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =app-antivirus/clamav-0.95.2
References
==========
[ 1 ] CVE-2008-6680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6680
[ 2 ] CVE-2009-1270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1270
[ 3 ] CVE-2009-1371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1371
[ 4 ] CVE-2009-1372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1372
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200909-04.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
"
Sharon Osbourne will always have bulimiaGLSA 200907-16 Python: Integer overflows
This entry was posted
on 11:00 AM
.
Archives
-
▼
2009
(488)
-
▼
September
(53)
- RHSA-2009:1465-01 Important: kvm security and bug ...
- RHSA-2009:1466-01 Important: kernel security and b...
- DSA 1897-1: New horde3 packages fix arbitrary code...
- DSA 1895-1: New xmltooling packages fix potential ...
- DSA 1894-1: New newt packages fix arbitrary code e...
- DSA 1892-1: New dovecot packages fix arbitrary cod...
- GLSA 200909-20 cURL: Certificate validation error
- RHSA-2009:1461-01 Important: Red Hat Application S...
- RHSA-2009:1463-01 Moderate: newt security update
- USN-837-1: Newt vulnerability
- RHSA-2009:1452-01 Moderate: neon security update
- DSA 1891-1: New changetrack packages fix arbitrary...
- USN-836-1: WebKit vulnerabilities
- RHSA-2009:1459-04 Important: cyrus-imapd security ...
- RHSA-2009:1453-01 Moderate: pidgin security update
- USN-835-1: neon vulnerabilities
- DSA 1888-1: New openssl packages deprecate MD2 has...
- USN-834-1: PostgreSQL vulnerabilities
- GLSA 200909-19 Dnsmasq: Multiple vulnerabilities
- GLSA 200909-18 nginx: Remote execution of arbitra...
- DSA 1889-1: New icu packages correct multibyte seq...
- USN-830-1: OpenSSL vulnerability
- RHSA-2009:1438-01 Important: kernel security and b...
- USN-832-1: FreeRADIUS vulnerability
- DSA 1884-1: New nginx packages fix arbitrary code ...
- RHSA-2009:1451-01 Moderate: freeradius security up...
- DSA 1883-2: New nagios2 packages fix regression
- GLSA 200909-17 ZNC: Directory traversal
- USN-821-1: Firefox and Xulrunner vulnerabilities
- DSA 1887-1: New rails packages fix cross-site scri...
- GLSA 200909-14 Horde: Multiple vulnerabilities
- GLSA 200909-16 Wireshark: Denial of Service
- DSA 1878-2: New devscripts packages fix regressions
- GLSA 200909-12 HTMLDOC: User-assisted execution o...
- GLSA 200909-09 Screenie: Insecure temporary file ...
- DSA 1883-1: New nagios2 packages fix several cross...
- RHSA-2009:1432-01 Critical: seamonkey security update
- RHSA-2009:1431-01 Critical: seamonkey security update
- RHSA-2009:1430-01 Critical: firefox security update
- DSA 1879-1: New silc-client/silc-toolkit packages ...
- GLSA 200909-04 Clam AntiVirus: Multiple vulnerabi...
- DSA 1878-1: New devscripts packages fix remote cod...
- DSA 1881-1: New cyrus-imapd packages fix arbitrary...
- GLSA 200909-01 Linux-PAM: Privilege escalation
- GLSA 200909-02 libvorbis: User-assisted execution...
- RHSA-2009:1339-02 Low: rgmanager security, bug fix...
- RHSA-2009:1289-02 Moderate: mysql security and bug...
- RHSA-2009:1321-02 Low: nfs-utils security and bug ...
- RHSA-2009:1278-02 Low: lftp security and bug fix u...
- RHSA-2009:1341-02 Low: cman security, bug fix, and...
- RHSA-2009:1337-02 Low: gfs2-utils security and bug...
- RHSA-2009:1232-01 Moderate: gnutls security update
- RHSA-2009:1239-02 Important: kernel-rt security an...
-
▼
September
(53)