/[advisories]/24704.adv
ViewVC logotype

Contents of /24704.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 8525 - (show annotations) (download)
Sun May 12 09:00:50 2019 UTC (6 weeks, 4 days ago) by tmb
File size: 1912 byte(s)
MGASA-2019-0162: clamav-0.100.3-1.mga6
1 type: security
2 subject: Updated clamav packages fix security vulnerabilities
3 CVE:
4 - CVE-2019-1787
5 - CVE-2019-1788
6 - CVE-2019-1789
7 src:
8 6:
9 core:
10 - clamav-0.100.3-1.mga6
11 description: |
12 The updated packages fix security vulnerabilities:
13
14 A vulnerability in the Portable Document Format (PDF) scanning functionality
15 of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow
16 an unauthenticated, remote attacker to cause a denial of service (DoS)
17 condition on an affected device. The vulnerability is due to a lack of
18 proper data handling mechanisms within the device buffer while indexing
19 remaining file data on an affected device. An attacker could exploit this
20 vulnerability by sending crafted PDF files to an affected device. A
21 successful exploit could allow the attacker to cause a heap buffer
22 out-of-bounds read condition, resulting in a crash that could result in a
23 denial of service condition on an affected device. (CVE-2019-1787)
24
25 A vulnerability in the Object Linking & Embedding (OLE2) file scanning
26 functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior
27 could allow an unauthenticated, remote attacker to cause a denial of service
28 condition on an affected device. The vulnerability is due to a lack of
29 proper input and validation checking mechanisms for OLE2 files sent an
30 affected device. An attacker could exploit this vulnerability by sending
31 malformed OLE2 files to the device running an affected version ClamAV
32 Software. An exploit could allow the attacker to cause an out-of-bounds
33 write condition, resulting in a crash that could result in a denial of
34 service condition on an affected device. (CVE-2019-1788)
35
36 An out-of-bounds heap read condition when scanning PE files. (CVE-2019-1789)
37 references:
38 - https://bugs.mageia.org/show_bug.cgi?id=24704
39 - https://usn.ubuntu.com/3940-1/
40 ID: MGASA-2019-0162

  ViewVC Help
Powered by ViewVC 1.1.26