Debian Security Advisory DSA 1660-1 (clamav) Network Vulnerability

Summary

The remote host is missing an update to clamav announced via advisory DSA 1660-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201660-1

Insight

Several denial-of-service vulnerabilities have been discovered in the ClamAV anti-virus toolkit: Insufficient checking for out-of-memory conditions results in null pointer derefences (CVE-2008-3912). Incorrect error handling logic leads to memory leaks (CVE-2008-3913) and file descriptor leaks (CVE-2008-3914). For the stable distribution (etch), these problems have been fixed in version 0.90.1dfsg-4etch15. For the unstable distribution (sid) and the testing distribution (lenny), these problems have been fixed in version 0.94.dfsg-1. We recommend that you upgrade your clamav package.

Severity

Classification

CVE CVE-2008-3912, CVE-2008-3913, CVE-2008-3914

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 1039-1 (blender)
Debian Security Advisory DSA 075-1 (netkit-telnet-ssl)
Debian Security Advisory DSA 1016-1 (evolution)
Debian Security Advisory DSA 058-1 (exim)
Debian Security Advisory DSA 1004-1 (vlc)

Take action and discover your vulnerabilities