Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 1320-1 (clamav)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to clamav announced via advisory DSA 1320-1.
Insight
Insight
Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-2650 It was discovered that the OLE2 parser can be tricked into an infinite loop and memory exhaustion. CVE-2007-3023 It was discovered that the NsPack decompression code performed insufficient sanitising on an internal length variable, resulting in a potential buffer overflow. CVE-2007-3024 It was discovered that temporary files were created with insecure permissions, resulting in information disclosure. CVE-2007-3122 It was discovered that the decompression code for RAR archives allows bypassing a scan of a RAR archive due to insufficient validity checks. CVE-2007-3123 It was discovered that the decompression code for RAR archives performs insufficient validation of header values, resulting in a buffer overflow. For the oldstable distribution (sarge) these problems have been fixed in version 0.84-2.sarge.17. Please note that the fix for CVE-2007-3024 hasn't been backported to oldstable. For the stable distribution (etch) these problems have been fixed in version 0.90.1-3etch1. For the unstable distribution (sid) these problems have been fixed in version 0.90.2-1. We recommend that you upgrade your clamav packages. An updated package
Solution
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201320-1