Damian Put discovered a bug in the UPX decoder that ClamAV uses to scan UPX-compressed Windows executables. The bug allows a heap buffer overflow and may be exploitable to execute arbitrary code. ClamAV has been updated to version 0.88.4 to fix this problem.
There is no known workaround; please install the update packages.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
SUSE Linux Enterprise Server | 10 | i586 | clamav | < 0.88.4-0.2 | clamav-0.88.4-0.2.i586.rpm |
openSUSE | 10.1 | x86_64 | clamav | < 0.88.4-0.2 | clamav-0.88.4-0.2.x86_64.rpm |
SUSE Linux Enterprise Server | 10 | ia64 | clamav | < 0.88.4-0.2 | clamav-0.88.4-0.2.ia64.rpm |
SUSE Linux Enterprise Server | 10 | x86_64 | clamav | < 0.88.6-1.4 | clamav-0.88.6-1.4.x86_64.rpm |
openSUSE | 10.0 | x86_64 | clamav | < 0.88.4-0.1 | clamav-0.88.4-0.1.x86_64.rpm |
SUSE Linux Enterprise Server | 10 | x86_64 | clamav | < 0.88.4-0.2 | clamav-0.88.4-0.2.x86_64.rpm |
SUSE Linux Enterprise Server | 10 | i586 | clamav | < 0.88.6-1.4 | clamav-0.88.6-1.4.i586.rpm |
SUSE Linux Enterprise Server | 10 | s390x | clamav | < 0.88.6-1.4 | clamav-0.88.6-1.4.s390x.rpm |
openSUSE | 9.2 | i586 | clamav | < 0.88.4-0.1 | clamav-0.88.4-0.1.i586.rpm |
SUSE Linux Enterprise Server | 10 | ia64 | clamav | < 0.88.6-1.4 | clamav-0.88.6-1.4.ia64.rpm |