<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200909-04"> <title>Clam AntiVirus: Multiple vulnerabilities</title> <synopsis> Multiple vulnerabilities in ClamAV allow for the remote execution of arbitrary code or Denial of Service. </synopsis> <product type="ebuild">clamav</product> <announced>2009-09-09</announced> <revised count="01">2009-09-09</revised> <bug>264834</bug> <bug>265545</bug> <access>remote</access> <affected> <package name="app-antivirus/clamav" auto="yes" arch="*"> <unaffected range="ge">0.95.2</unaffected> <vulnerable range="lt">0.95.2</vulnerable> </package> </affected> <background> <p> Clam AntiVirus (short: ClamAV) is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. </p> </background> <description> <p> Multiple vulnerabilities have been found in ClamAV: </p> <ul> <li>The vendor reported a Divide-by-zero error in the PE ("Portable Executable"; Windows .exe) file handling of ClamAV (CVE-2008-6680).</li> <li>Jeffrey Thomas Peckham found a flaw in libclamav/untar.c, possibly resulting in an infinite loop when processing TAR archives in clamd and clamscan (CVE-2009-1270).</li> <li>Martin Olsen reported a vulnerability in the CLI_ISCONTAINED macro in libclamav/others.h, when processing UPack archives (CVE-2009-1371).</li> <li>Nigel disclosed a stack-based buffer overflow in the "cli_url_canon()" function in libclamav/phishcheck.c when processing URLs (CVE-2009-1372).</li> </ul> </description> <impact type="normal"> <p> A remote attacker could entice a user or automated system to process a specially crafted UPack archive or a file containing a specially crafted URL, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Furthermore, a remote attacker could cause a Denial of Service by supplying a specially crafted TAR archive or PE executable to a Clam AntiVirus instance. </p> </impact> <workaround> <p> There is no known workaround at this time. </p> </workaround> <resolution> <p> All Clam AntiVirus users should upgrade to the latest version: </p> <code> # emerge --sync # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.95.2"</code> </resolution> <references> <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6680">CVE-2008-6680</uri> <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1270">CVE-2009-1270</uri> <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1371">CVE-2009-1371</uri> <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1372">CVE-2009-1372</uri> </references> <metadata tag="requester" timestamp="2009-06-01T22:30:28Z"> keytoaster </metadata> <metadata tag="submitter" timestamp="2009-08-28T09:13:38Z"> a3li </metadata> <metadata tag="bugReady" timestamp="2009-08-31T03:38:38Z"> a3li </metadata> </glsa>