Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

SuSE Update for clamav SUSE-SA:2007:026

Information

Severity

Severity

High

Family

Family

SuSE Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

15 years ago

Modified

Modified

6 years ago

Summary

Check for the Version of clamav

Insight

Insight

The AntiVirus scan engine clamav was updated to version 0.90.2. Among other bugs two security problems were fixed which could cause a remote denial of service attack against clamav or potentially be used to execute code. - CVE-2007-1745: The chm_decompress_stream function in libclamav/chmunpack.c leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file. - CVE-2007-1997: Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c might allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow. Updates for this problem were released on Tuesday April 17.

Affected Software

Affected Software

clamav on SUSE LINUX 10.1, openSUSE 10.2, SUSE SLES 9, Open Enterprise Server, Novell Linux POS 9, SUSE SLES 10

Solution

Solution

Please Install the Updated Packages.

Common Vulnerabilities and Exposures (CVE)