[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 1680-1] New clamav packages fix potential code execution

On Thu, Dec 04, 2008 at 09:26:17AM +0100, Florian Weimer wrote:

> Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers
> from an off-by-one-error in its VBA project file processing, leading to
> a heap-based buffer overflow and potentially arbitrary code execution
> (CVE-2008-5050).
> Ilja van Sprundel discovered that ClamAV contains a denial of service
> condition in its JPEG file processing because it does not limit the
> recursion depth when processing JPEG thumbnails (CVE-2008-5314).
> For the stable distribution (etch), these problems have been fixed in
> version 0.90.1dfsg-4etch16.
> For the unstable distribution (sid), these problems have been fixed in
> version 0.94.dfsg.2-1.

This looks like quite a serious bug (remote arbitrary code execution).
Are there any plans for an update to volatile?


Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

Reply to: