From e45ecdbb1884b87c1858d0856305c02cfcfc0a12 Mon Sep 17 00:00:00 2001
From: Stefan Fritsch
Date: Thu, 17 May 2007 12:18:22 +0000
Subject: advs for clamav and mydns

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5863 e39458fd-73e7-0310-bf30-c45bca0a0e42
---
data/DTSA/advs/36-mydns.adv | 14 ++++++++++++++
data/DTSA/advs/37-clamav.adv | 27 +++++++++++++++++++++++++++
2 files changed, 41 insertions(+)
create mode 100644 data/DTSA/advs/36-mydns.adv
create mode 100644 data/DTSA/advs/37-clamav.adv
(limited to 'data/DTSA/advs')
diff --git a/data/DTSA/advs/36-mydns.adv b/data/DTSA/advs/36-mydns.adv
new file mode 100644
index 0000000000..ec1eaa7ae1
--- /dev/null
+++ b/data/DTSA/advs/36-mydns.adv
@@ -0,0 +1,14 @@
+source: mydns
+date: April 30th, 2007
+author: Stefan Fritsch
+vuln-type: multiple buffer overflows
+problem-scope: remote
+debian-specifc: no
+cve: CVE-2007-2362
+vendor-advisory:
+testing-fix: 1:1.1.0-7.1lenny1
+sid-fix: 1:1.1.0-8
+upgrade: apt-get upgrade
+
+Multiple buffer overflows in MyDNS allow remote attackers to cause a denial of
+service (daemon crash) and possibly execute arbitrary code.
diff --git a/data/DTSA/advs/37-clamav.adv b/data/DTSA/advs/37-clamav.adv
new file mode 100644
index 0000000000..d6267e000d
--- /dev/null
+++ b/data/DTSA/advs/37-clamav.adv
@@ -0,0 +1,27 @@
+source: clamav
+date: April 30th, 2007
+author: Stefan Fritsch
+vuln-type: several vulnerabilities
+problem-scope: remote
+debian-specifc: no
+cve: CVE-2007-1745 CVE-2007-1997 CVE-2007-2029
+vendor-advisory:
+testing-fix: 0.90.1-3lenny1
+sid-fix: 0.90.2-1
+upgrade: apt-get upgrade
+
+Several remote vulnerabilities have been discovered in the Clam anti-virus
+toolkit. The Common Vulnerabilities and Exposures project identifies the
+following problems:
+
+CVE-2007-1745
+It was discovered that a file descriptor leak in the CHM handler may lead to
+denial of service.
+
+CVE-2007-1997
+It was discovered that a buffer overflow in the CAB handler may lead to the
+execution of arbitrary code.
+
+CVE-2007-2029
+It was discovered that a file descriptor leak in the PDF handler may lead to
+denial of service.
-- 
cgit v1.2.3
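Review bot: The field key `debian-specifc` in 37-clamav.adv, and the identical line in 36-mydns.adv, looks like a misspelling of `debian-specific`. The tooling that reads these .adv files is not visible in this patch, but if it matches on the exact key the value would be dropped without an error. I would write `debian-specific: no` in both files, or confirm that the misspelled key is what the parser expects. Both advisories also carry `date: April 30th, 2007` while the commit is dated 17 May 2007, so it is worth confirming that this is the intended release date and not a value carried over from a template.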