Home page logo

fulldisclosure logo Full Disclosure mailing list archives

[PLSA 2008-39] Clamav: Multiple Vulnerabilities
From: Pınar Yanardağ <pinar () pardus org tr>
Date: Sat, 06 Sep 2008 04:12:23 +0300

Pardus Linux Security Advisory 2008-39            security () pardus org tr
       Date: 2008-09-06
   Severity: 3
       Type: Remote


There has been discovered multiple vulnerabilities in Clamav including a
DoS (Denial of Service) vulnerability and memory leaks.


The   first vulnerability   is   caused   due   to   an   error    in
libclamav/chmunpack.c when processing malformed CHM files. This can  be
exploited to cause an invalid memory access via a specially crafted CHM

Others as follow:

* Out-of-memory null dereference (bb#1141) CVE-2008-3912

* Possible invalid memory access (bb#1089) CVE-2008-1389

* Error path memory leaks CVE-2008-3913

* Fd leaks (bb#1141) CVE-2008-3914

Affected packages:

   Pardus 2008:
     clamav, all before 0.93.3-28-2
   Pardus 2007:
     clamav, all before 0.93.3-30-29


There are update(s) for clamav. You can update them via Package Manager
or with a single command from console:

   Pardus 2008:
     pisi up clamav

   Pardus 2007:
     pisi up clamav


   * http://bugs.pardus.org.tr/show_bug.cgi?id=8110
   * http://int21.de/cve/CVE-2008-1389-clamav-chd.html
   * http://secunia.com/advisories/31725


Pınar Yanardağ
Pardus Security Team

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [PLSA 2008-39] Clamav: Multiple Vulnerabilities Pınar Yanardağ (Sep 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]