OSV:DSA-1497-1
Feb 16, 2008 - 12:00 a.m.

clamav - several vulnerabilities

Google
osv.dev

CVSS2: 10 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Several vulnerabilities have been discovered in the Clam anti-virus
toolkit, which may lead to the execution of arbitrary code or local denial
of service. The Common Vulnerabilities and Exposures project identifies
the following problems:

  • CVE-2007-6595
    It was discovered that temporary files are created insecurely,
    which may result in local denial of service by overwriting files.
  • CVE-2008-0318
    Silvio Cesare discovered an integer overflow in the parser for PE
    headers.

The version of clamav in the old stable distribution (sarge) is no
longer supported with security updates.

For the stable distribution (etch), these problems have been fixed in
version 0.90.1dfsg-3etch10. In addition to these fixes, this update
also incorporates changes from the upcoming point release of the
stable distribution (non-free RAR handling code was removed).

We recommend that you upgrade your clamav packages.
