GLSA-200708-04 : ClamAV: Denial of Service
Medium Nessus Plugin ID 25869
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200708-04 (ClamAV: Denial of Service).
Metaeye Security Group reported a NULL pointer dereference in ClamAV when processing RAR archives.
A remote attacker could send a specially crafted RAR archive to the clamd daemon, resulting in a crash and a Denial of Service.
There is no known workaround at this time.
Solution
All ClamAV users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=app-antivirus/clamav-0.91'