Medium Nessus Plugin ID 19934
SynopsisThe remote host is missing a vendor-supplied security patch
DescriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:055 (clamav).
This update upgrades clamav to version 0.87.
It fixes vulnerabilities in handling of UPX and FSG compressed executables, which could lead to a remote attacker executing code within the daemon using clamav.
These are tracked by the Mitre CVE IDs CVE-2005-2919 and CVE-2005-2920.
Also following bugs were fixed:
- Support for PE files, Zip and Cabinet archives has been improved and other small bugfixes have been made.
- The new option '--on-outdated-execute' allows freshclam to run a command when system reports a new engine version.