From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200509-13.xml | 67 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 metadata/glsa/glsa-200509-13.xml (limited to 'metadata/glsa/glsa-200509-13.xml') diff --git a/metadata/glsa/glsa-200509-13.xml b/metadata/glsa/glsa-200509-13.xml new file mode 100644 index 000000000000..4592d8943a12 --- /dev/null +++ b/metadata/glsa/glsa-200509-13.xml @@ -0,0 +1,67 @@ + + + + Clam AntiVirus: Multiple vulnerabilities + + Clam AntiVirus is subject to vulnerabilities ranging from Denial of Service + to execution of arbitrary code when handling compressed executables. + + clamav + 2005-09-19 + 2005-09-19: 01 + 106279 + remote + + + 0.87 + 0.87 + + + +

+ Clam AntiVirus is a GPL anti-virus toolkit, designed for + integration with mail servers to perform attachment scanning. Clam + AntiVirus also provides a command line scanner and a tool for fetching + updates of the virus database. +

+ + +

+ Clam AntiVirus is vulnerable to a buffer overflow in + "libclamav/upx.c" when processing malformed UPX-packed executables. It + can also be sent into an infinite loop in "libclamav/fsg.c" when + processing specially-crafted FSG-packed executables. +

+ + +

+ By sending a specially-crafted file an attacker could execute + arbitrary code with the permissions of the user running Clam AntiVirus, + or cause a Denial of Service. +

+ + +

+ There is no known workaround at this time. +

+ + +

+ All Clam AntiVirus users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.87" + + + CAN-2005-2919 + CAN-2005-2920 + Clam AntiVirus: Release Notes + + + koon + + + koon + + -- cgit v1.2.3