Ubuntu
clamav package

[clamav] [CVE-2007-6595] [CVE-2008-0318] execution of arbitrary / DoS vulnerability

Bug #195685 reported by disabled.user on 2008-02-26

This bug report is a duplicate of: Bug #191150: possible integer overflow. Edit Remove

256

Affects		Status	Importance	Assigned to	Milestone
	clamav (Ubuntu)	New	Undecided	Unassigned

Bug Description

Binary package hint: clamav

References:
DSA-1497-1 (http://www.debian.org/security/2008/dsa-1497)

Quoting:
"Several vulnerabilities have been discovered in the Clam anti-virus
toolkit, which may lead to the execution of arbitrary or local denial
of service. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2007-6595

It was discovered that temporary files are created insecurely,
which may result in local denial of service by overwriting files.

CVE-2008-0318

Silvio Cesare discovered an integer overflow in the parser for PE
headers."

CVE References

Revision history for this message

Leonel Nunez (leonelnunez) wrote on 2008-02-26:

This already was fixed see https://bugs.edge.launchpad.net/ubuntu/+source/clamav/+bug/191150

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicate of bug #191150 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuclamav package