[Pkg-clamav-devel] Bug#535881: clamav: recent vulnerabilities
Michael S. Gilbert
michael.s.gilbert at gmail.com
Sun Jul 5 18:50:19 UTC 2009
package: clamav
version: 0.90.1dfsg-4etch16
severity: important
tags: security
hello,
clamav is vulnerable to several scanner bypass vulnerabilities [1].
note that the upstream version also appears to address some other
security-related issues as well:
* libclamav: detect and handle archives hidden inside other files (eg.
images), which can be unpacked by WinZip, WinRAR and other tools
(bb#1554) Reported by ROGER Mickael and Thierry Zoller
* libclamav/mspack.c, cab.c: don't rely on file sizes stored in CAB
headers (bb#1562) Reported by Thierry*Zoller <Thierry*Zoller.lu>
* libclamunrar/unrarvm.c: fix handling of some broken rar files
* libclamav/mbox.c: handle malformed emails with embedded \0s (bb
#1573)
* libclamav/readdb.c: add offset checks (bb#1615)
[1] http://blog.zoller.lu/2009/05/advisory-clamav-generic-bypass.html
More information about the Pkg-clamav-devel
mailing list