FreeBSD : clamav -- multiple vulnerabilities (b464f61b-84c7-4e1c-8ad4-6cf9efffd025)

Critical Nessus Plugin ID 106427

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

ClamAV project reports :

Join us as we welcome ClamAV 0.99.3 to the family!.

This release is a security release and is recommended for all ClamAV users.

CVE-2017-12374 ClamAV UAF (use-after-free) Vulnerabilities

CVE-2017-12375 ClamAV Buffer Overflow Vulnerability

CVE-2017-12376 ClamAV Buffer Overflow in handle_pdfname Vulnerability

CVE-2017-12377 ClamAV Mew Packet Heap Overflow Vulnerability

CVE-2017-12378 ClamAV Buffer Over Read Vulnerability

CVE-2017-12379 ClamAV Buffer Overflow in messageAddArgument Vulnerability

CVE-2017-12380 ClamAV Null Dereference Vulnerability

Solution

Update the affected package.

See Also

https://blog.clamav.net/2018/01/clamav-0993-has-been-released.html

http://www.nessus.org/u?1b9c164f

Plugin Details

Severity: Critical

ID: 106427

File Name: freebsd_pkg_b464f61b84c74e1c8ad46cf9efffd025.nasl

Version: 1.5

Type: local

Published: 2018/01/29

Updated: 2018/11/23

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:clamav, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2018/01/26

Vulnerability Publication Date: 2018/01/25

Reference Information

CVE: CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, CVE-2017-12378, CVE-2017-12379, CVE-2017-12380