Mandrake Linux Security Advisory : clamav (MDKSA-2006:184)
High Nessus Plugin ID 24569
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionAn integer overflow in previous versions of ClamAV could allow a remote attacker to cause a Denial of Service (scanning service crash) and execute arbitrary code via a Portable Executable (PE) file (CVE-2006-4182).
Another vulnerability could allow a remote attacker to cause a DoS via a crafted compressed HTML (CHM) file that causes ClamAV to read an invalid memory location (CVE-2006-5295).
These issues are corrected in ClamAV 0.88.5 which is provided with this update.
SolutionUpdate the affected packages.