SuSE Update For Clamav SUSE-SA:2007:033 Network Vulnerability

Impact

remote denial of service

Solution

Please Install the Updated Packages.

Insight

The anti-virus scan engine ClamAV was upgraded to version 0.90.3 to fix several security bugs: - Wrong calculation of buffer-end CVE-2007-3023 - Use strict permissions for temporary files CVE-2007-3024 - Heap corruption causing denial-of-service with corrupted rar archive (no CVE assigned at this time) - Detect block list loop in OLE2 scanner CVE-2007-2650 Updated clamav packages for SUSE Linux Enterprise 10 will be released after Service Pack 1 is released.

Affected

clamav on SUSE LINUX 10.1, openSUSE 10.2, SUSE SLES 9, Open Enterprise Server, Novell Linux POS 9

References

http://www.novell.com/linux/security/advisories/2007_33_clamav.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-2650, CVE-2007-3023, CVE-2007-3024
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SLES10: Security update for IBM Java 1.4.2
SLES10: Security update for ethereal
SLES10: Security update for mutt
SLES10: Security update for Linux kernel
SLES10: Security update for flac

SuSE Update for clamav SUSE-SA:2007:033

Take action and discover your vulnerabilities