[Secure-testing-commits] r2660 - data/DTSA/advs
Micah Anderson
micah at costa.debian.org
Fri Nov 4 03:16:48 UTC 2005
Author: micah
Date: 2005-11-04 03:16:46 +0000 (Fri, 04 Nov 2005)
New Revision: 2660
Added:
data/DTSA/advs/21-clamav.adv
Log:
Preparing an advisory for new clamav issues
Added: data/DTSA/advs/21-clamav.adv
===================================================================
--- data/DTSA/advs/21-clamav.adv 2005-11-04 01:19:19 UTC (rev 2659)
+++ data/DTSA/advs/21-clamav.adv 2005-11-04 03:16:46 UTC (rev 2660)
@@ -0,0 +1,28 @@
+source: clamav
+date: November 3rd, 2005
+author: Micah Anderson
+vuln-type: Denial of service
+problem-scope: remote
+debian-specific: no
+cve: CVE-2005-3239
+testing-fix: 0.87.1-0etch.1
+sid-fix: 0.87.1
+upgrade: apt-get upgrade
+
+
+Multiple security holes were found in clamav:
+
+CVE-2005-3239
+
+ The OLE2 unpacker allows remote attackers to cause a denial of service
+ by sending a DOC file with an invalid property tree, triggering
+ an infinite recursion.
+
+ A possible denial of service has been found in
+ libclamav/tnef.c (IDEF1169)
+
+ A possible debian of service has been found in
+ libclamav/mspack/cabd.c (IDEF1180)
+
+ Buffer size calculation could be by-passed due to a vulnerability
+ in libclamav/fsg.c (ZDI-CAN-004)
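Review bot: In the libclamav/mspack/cabd.c entry, "A possible debian of service" should read "A possible denial of service". The tnef.c (IDEF1169), cabd.c (IDEF1180) and fsg.c (ZDI-CAN-004) items all sit under the CVE-2005-3239 heading, and the cve: field lists only that id, although the text opens with "Multiple security holes". Give each issue its own heading, or note that no CVE id is assigned yet, so that each can be tracked separately. The fsg.c item describes a buffer size calculation being bypassed, which "vuln-type: Denial of service" may understate; confirm the impact and adjust the field if it differs.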