SuSE 10 Security Update : clamav (ZYPP Patch Number 2390)
Medium Nessus Plugin ID 29397
SynopsisThe remote SuSE 10 host is missing a security-related patch.
DescriptionThis update to ClamAV version 0.88.7 fixes various bugs :
- Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a NULL pointer dereference. (CVE-2006-5874)
- Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 / CVE-2006-6406.
- Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. (CVE-2006-6406)
SolutionApply ZYPP patch number 2390.