Mandrake Linux Security Advisory : clamav (MDKSA-2007:172)
High Nessus Plugin ID 25969
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA vulnerability in ClamAV was discovered that could allow remote attackers to cause a denial of service via a crafted RTF file or a crafted HTML document with a data: URI, both of which trigger a NULL dereference (CVE-2007-4510).
A vulnerability in clamav-milter, when run in black hole mode, could allow remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call (CVE-2007-4560).
Other bugs have also been corrected in 0.91.2 which is being provided with this update.
SolutionUpdate the affected packages.