Mandriva Linux Security Advisory : clamav (MDVSA-2010:249)
High Nessus Plugin ID 51071
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities were discovered and corrected in clamav :
Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document (CVE-2010-4260, (CVE-2010-4479).
Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third-party information (CVE-2010-4261).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
The updated clamav packages have been upgraded to the 0.96.5 version that is not vulnerable to these issues.
SolutionUpdate the affected packages.