Annotation of /24704.adv

Revision 8513
Sun May 12 08:49:40 2019 UTC (4 years, 10 months ago) by tmb
File size: 1892 byte(s)
fix typo
type: security
subject: Updated clamav packages fix security vulnerabilities
CVE:
  - CVE-2019-1787
  - CVE-2019-1788
  - CVE-2019-1789
src:
  6:
    core:
      - clamav-0.100.3-1.mga6
description: |
  The updated packages fix security vulnerabilities:

  A vulnerability in the Portable Document Format (PDF) scanning functionality
  of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow
  an unauthenticated, remote attacker to cause a denial of service (DoS)
  condition on an affected device. The vulnerability is due to a lack of
  proper data handling mechanisms within the device buffer while indexing
  remaining file data on an affected device. An attacker could exploit this
  vulnerability by sending crafted PDF files to an affected device. A
  successful exploit could allow the attacker to cause a heap buffer
  out-of-bounds read condition, resulting in a crash that could result in a
  denial of service condition on an affected device. (CVE-2019-1787)

  A vulnerability in the Object Linking & Embedding (OLE2) file scanning
  functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior
  could allow an unauthenticated, remote attacker to cause a denial of service
  condition on an affected device. The vulnerability is due to a lack of
  proper input and validation checking mechanisms for OLE2 files sent to an
  affected device. An attacker could exploit this vulnerability by sending
  malformed OLE2 files to the device running an affected version of ClamAV
  Software. An exploit could allow the attacker to cause an out-of-bounds
  write condition, resulting in a crash that could result in a denial of
  service condition on an affected device. (CVE-2019-1788)

  An out-of-bounds heap read condition when scanning PE files. (CVE-2019-1789)
references:
  - https://bugs.mageia.org/show_bug.cgi?id=24704
  - https://usn.ubuntu.com/3940-1/
