Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245219
Summary: clamav < 0.90.3 multiple vulnerabilities
Product: Fedora
Version: f7
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: clamav
AssignedTo: enrico.scholz@informatik.tu-chemnitz.de
ReportedBy: ville.skytta@iki.fi
QAContact: extras-qa@fedoraproject.org
CC: fedora-security-list@redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3023 "unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3024 "libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3122 "The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3123 "unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow."
Not checked whether 0.88.x in FC-6 and earlier are affected.
Summary: clamav < 0.90.3 multiple vulnerabilities Alias: CVE-2007-3123
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245219
ville.skytta@iki.fi changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
              Alias|                            |CVE-2007-3123
------- Additional Comments From ville.skytta@iki.fi 2007-07-19 14:01 EST -------
One more that I didn't find in Bugzilla and apparently affects 0.90.x series earlier than 0.90.3:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2029 "File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file."
Summary: clamav < 0.90.3 multiple vulnerabilities Alias: CVE-2007-3123
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245219
crow@orangeblood.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |crow@orangeblood.org
Summary: clamav < 0.90.3 multiple vulnerabilities Alias: CVE-2007-3123
https://bugzilla.redhat.com/show_bug.cgi?id=245219
------- Additional Comments From ondrejj@salstar.sk 2007-08-30 03:39 EST -------
Another problem is that freshclam is writing this to the logs:
Reading CVD header (daily.cvd): Ignoring mirror 212.7.0.71 (too often connections with outdated version)
I think updating is not working properly. This does not always happen and I am unable to reproduce this on another machine.
And the last problem: libclamav takes a long time to load its database (approx. 2-5 minutes). This bug can also be fixed by upgrading to clamav 0.91.
What is the problem with releasing clamav-0.91.2 built in Koji?
How can I help to release clamav updates in less time? My Fedora system is vulnerable to some vulnerabilities with the old clamav. :-(
Summary: clamav < 0.90.3 multiple vulnerabilities Alias: CVE-2007-3123
https://bugzilla.redhat.com/show_bug.cgi?id=245219
ondrejj@salstar.sk changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ondrejj@salstar.sk
Summary: clamav < 0.90.3 multiple vulnerabilities Alias: CVE-2007-3123
https://bugzilla.redhat.com/show_bug.cgi?id=245219
lkundrak@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
   Fixed In Version|                            |clamav-0.91.2-3.fc7
         Resolution|                            |CURRENTRELEASE
security@lists.fedoraproject.org