type: security
subject: Updated clamav packages fix security vulnerabilities
CVE:
 - CVE-2019-1787
 - CVE-2019-1788
 - CVE-2019-1789
src:
  6:
   core:
     - clamav-0.100.3-1.mga6
description: |
  The updated packages fix security vulnerabilities:

  A vulnerability in the Portable Document Format (PDF) scanning functionality
  of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow
  an unauthenticated, remote attacker to cause a denial of service (DoS)
  condition on an affected device. The vulnerability is due to a lack of
  proper data handling mechanisms within the device buffer while indexing
  remaining file data on an affected device. An attacker could exploit this
  vulnerability by sending crafted PDF files to an affected device. A
  successful exploit could allow the attacker to cause a heap buffer
  out-of-bounds read condition, resulting in a crash that could result in a
  denial of service condition on an affected device. (CVE-2019-1787)

  A vulnerability in the Object Linking & Embedding (OLE2) file scanning
  functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior
  could allow an unauthenticated, remote attacker to cause a denial of service
  condition on an affected device. The vulnerability is due to a lack of
  proper input and validation checking mechanisms for OLE2 files sent to an
  affected device. An attacker could exploit this vulnerability by sending
  malformed OLE2 files to the device running an affected version of ClamAV
  Software. An exploit could allow the attacker to cause an out-of-bounds
  write condition, resulting in a crash that could result in a denial of
  service condition on an affected device. (CVE-2019-1788)

  An out-of-bounds heap read condition when scanning PE files. (CVE-2019-1789)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24704
 - https://usn.ubuntu.com/3940-1/