From: Pınar Yanardağ (pinarpardus.org.tr)
Date: Fri Sep 05 2008 - 20:12:23 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-39 securitypardus.org.tr
------------------------------------------------------------------------
       Date: 2008-09-06
   Severity: 3
       Type: Remote
------------------------------------------------------------------------

Summary
=======

There has been discovered multiple vulnerabilities in Clamav including a
DoS (Denial of Service) vulnerability and memory leaks.

Description
===========

The first vulnerability is caused due to an error in
libclamav/chmunpack.c when processing malformed CHM files. This can be
exploited to cause an invalid memory access via a specially crafted CHM
file.

Others as follow:

* Out-of-memory null dereference (bb#1141) CVE-2008-3912

* Possible invalid memory access (bb#1089) CVE-2008-1389

* Error path memory leaks CVE-2008-3913

* Fd leaks (bb#1141) CVE-2008-3914

Affected packages:

   Pardus 2008:
     clamav, all before 0.93.3-28-2
   Pardus 2007:
     clamav, all before 0.93.3-30-29

Resolution
==========

There are update(s) for clamav. You can update them via Package Manager
or with a single command from console:

   Pardus 2008:
     pisi up clamav

   Pardus 2007:
     pisi up clamav

References
==========

   * http://bugs.pardus.org.tr/show_bug.cgi?id=8110
   * http://int21.de/cve/CVE-2008-1389-clamav-chd.html
   * http://secunia.com/advisories/31725

------------------------------------------------------------------------

--
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]