GLSA-200404-07 : ClamAV RAR Archive Remote Denial Of Service Vulnerability
Low Nessus Plugin ID 14472
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200404-07 (ClamAV RAR Archive Remote Denial Of Service Vulnerability)
Certain types of RAR archives, including those created by variants of the [email protected] worm, may cause clamav to crash when it attempts to process them.
This vulnerability causes a Denial of Service in the clamav process.
Depending on configuration, this may cause dependent services such as mail to fail as well.
A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.
SolutionClamAV users should upgrade to version 0.68.1 or later:
# emerge sync # emerge -pv '>=app-antivirus/clamav-0.68.1' # emerge '>=app-antivirus/clamav-0.68.1'