------------------------------------------------------------------------ Pardus Linux Security Advisory 2008-39 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2008-09-06 Severity: 3 Type: Remote ------------------------------------------------------------------------ Summary ======= There has been discovered multiple vulnerabilities in Clamav including a DoS (Denial of Service) vulnerability and memory leaks. Description =========== The first vulnerability is caused due to an error in libclamav/chmunpack.c when processing malformed CHM files. This can be exploited to cause an invalid memory access via a specially crafted CHM file. Others as follow: * Out-of-memory null dereference (bb#1141) CVE-2008-3912 * Possible invalid memory access (bb#1089) CVE-2008-1389 * Error path memory leaks CVE-2008-3913 * Fd leaks (bb#1141) CVE-2008-3914 Affected packages: Pardus 2008: clamav, all before 0.93.3-28-2 Pardus 2007: clamav, all before 0.93.3-30-29 Resolution ========== There are update(s) for clamav. You can update them via Package Manager or with a single command from console: Pardus 2008: pisi up clamav Pardus 2007: pisi up clamav References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=8110 * http://int21.de/cve/CVE-2008-1389-clamav-chd.html * http://secunia.com/advisories/31725 ------------------------------------------------------------------------ -- Pınar Yanardağ Pardus Security Team http://security.pardus.org.tr _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/