U radu besplatnog antivirusnog alata clamav, koji se koristi na Linux sustavima za pregled privitaka elektroničke pošte, otkrivena su dva propusta. Prvi propust je rezultat preljeva međuspremnika u funkciji "cli_pdf" u datoteci "libclamav/pdf.c", a može se iskoristiti za DoS napad podmetanjem posebno oblikovanog PDF dokumenta. Drugi se javlja u funkciji "ba_read_project_strings" u "vba_extract.c", a moguće ga je iskoristiti udaljeno za pokretanje proizvoljnog programskog koda s posebno oblikovanim VBA (eng. Visual Basic for Applications) podacima. Korisnike se potiče na korištenje dostupne nadogradnje.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-2732
2011-03-05 19:21:02
--------------------------------------------------------------------------------
Name : clamav
Product : Fedora 15
Version : 0.97
Release : 1500.fc15
URL : http://www.clamav.net
Summary : End-user tools for the Clam Antivirus scanner
Description :
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this
software is the integration with mail servers (attachment scanning). The
package provides a flexible and scalable multi-threaded daemon, a command
line scanner, and a tool for automatic updating via Internet. The programs
are based on a shared library distributed with the Clam AntiVirus package,
which you can use with your own software. The virus database is based on
the virus database from OpenAntiVirus, but contains additional signatures
(including signatures for popular polymorphic viruses, too) and is KEPT UP
TO DATE.
--------------------------------------------------------------------------------
Update Information:
Update to 0.97
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #595318 - CVE-2010-1639 Clam AntiVirus: Heap-based overflow, when
processing malicious PDF file(s)
https://bugzilla.redhat.com/show_bug.cgi?id=595318
[ 2 ] Bug #679787 - CVE-2011-1003 clamav: Double free error by reading VBA
project strings
https://bugzilla.redhat.com/show_bug.cgi?id=679787
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update clamav' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke