Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245219 Summary: clamav < 0.90.3 multiple vulnerabilities Product: Fedora Version: f7 Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: clamav AssignedTo: enrico.scholz(a)informatik.tu-chemnitz.de ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3023 "unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors." http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3024 "libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files." http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3122 "The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR." http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3123 "unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow." Not checked whether 0.88.x in FC-6 and earlier are affected. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.