Impact
remote denial of service
Solution
Please install the updated packages.
Insight
The anti-virus scan engine ClamAV was updated to version 0.90 to fix various bugs, including 2 security bugs:
CVE-2007-0897: A file descriptor leak in the handling of CAB files can allow remote attackers to cause a denial of service against the clamd scanner daemon.
CVE-2007-0898: A directory traversal in the handling of MIME e-mail headers could be used by remote attackers to overwrite local files owned by the user under which clamd is running.
Since clamd is running as "vscan" user on SUSE, it would only be able to overwrite files owned by "vscan".
Affected
clamav on SUSE LINUX 10.1, openSUSE 10.2, SUSE SLES 9, Open Enterprise Server, Novell Linux POS 9, SUSE SLES 10
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2007-0897, CVE-2007-0898
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P
Related Vulnerabilities