Mandriva Update For Clamav MDVSA-2008:166 (clamav) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

An incomplete fix for CVE-2008-2713 resulted in remote attackers being able to cause a denial of service via a malformed Petite file that triggered an out-of-bounds memory access (CVE-2008-3215). This issue is corrected with the 0.93.3 release which is being provided.

Affected

clamav on Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64

References

http://lists.mandriva.com/security-announce/2008-08/msg00010.php

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-2713, CVE-2008-3215

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:207 (perl-Compress-Raw-Bzip2)
Mandrake Security Advisory MDVSA-2009:136 (tomcat5)
Mandrake Security Advisory MDVSA-2009:177 (ruby)
Mandrake Security Advisory MDVSA-2009:160 (ruby)
Mandrake Security Advisory MDVSA-2009:051 (libpng)

Mandriva Update for clamav MDVSA-2008:166 (clamav)

Take action and discover your vulnerabilities