Mandriva Linux Security Advisory : clamav (MDVSA-2009:327)
Critical Nessus Plugin ID 43076
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities has been found and corrected in clamav :
Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive (CVE-2009-1241).
libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error (CVE-2008-6680).
libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted file that causes (1) clamd and (2) clamscan to hang (CVE-2009-1270).
The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding (CVE-2009-1371).
Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL (CVE-2009-1372).
Important notice about this upgrade: clamav-0.95+ bundles support for RAR v3 in libclamav which is a license violation as the RAR v3 license and the GPL license is not compatible. As a consequence to this Mandriva has been forced to remove the RAR v3 code.
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
This update provides clamav 0.95.2, which is not vulnerable to these issues. Additionally klamav-0.46 is being provided that has support for clamav-0.95+.
SolutionUpdate the affected packages.