diff options
author | Micah Anderson <micah@debian.org> | 2005-11-04 03:16:46 +0000 |
---|---|---|
committer | Micah Anderson <micah@debian.org> | 2005-11-04 03:16:46 +0000 |
commit | 559d8c9d82a9d152dec1313548cfe36957aeceea (patch) | |
tree | dee4abc0d447522db29bb1f3096cb349eb060193 /data/DTSA | |
parent | 3f3b1506a0aeb5e913f76373c105a5b9aae34232 (diff) |
Preparing an advisory for new clamav issues
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2660 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA')
-rw-r--r-- | data/DTSA/advs/21-clamav.adv | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/data/DTSA/advs/21-clamav.adv b/data/DTSA/advs/21-clamav.adv new file mode 100644 index 0000000000..381fe1d54d --- /dev/null +++ b/data/DTSA/advs/21-clamav.adv @@ -0,0 +1,28 @@ +source: clamav +date: November 3rd, 2005 +author: Micah Anderson +vuln-type: Denial of service +problem-scope: remote +debian-specific: no +cve: CVE-2005-3239 +testing-fix: 0.87.1-0etch.1 +sid-fix: 0.87.1 +upgrade: apt-get upgrade + + +Multiple security holes were found in clamav: + +CVE-2005-3239 + + The OLE2 unpacker allows remote attackers to cause a denial of service + by sending a DOC file with an invalid property tree, triggering + an infinite recursion. + + A possible denial of service has been found in + libclamav/tnef.c (IDEF1169) + + A possible debian of service has been found in + libclamav/mspack/cabd.c (IDEF1180) + + Buffer size calculation could be by-passed due to a vulnerability + in libclamav/fsg.c (ZDI-CAN-004) |