LxCenter HyperVM & Kloxo Support

ClamAV PDF Processing Denial of Service Vulnerability [message #74650] Fri, 21 May 2010 16:39
Ice-Man
A vulnerability has been reported in ClamAV, which can be exploited
by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "cli_pdf()"
function in libclamav/pdf.c when processing certain PDF files. This
can be exploited to e.g. cause a crash via specially crafted PDF
files.

The vulnerability is reported in version 0.96. Other versions may
also be affected.


version 0.96.1 available --> http://www.clamav.net/lang/en/download/sources/

Re: ClamAV PDF Processing Denial of Service Vulnerability [message #74657 is a reply to message #74650] Fri, 21 May 2010 19:04
LxCenter_Danny (LxCenter Core Team Member, LxCenter Representative)

Thanks, will look into it ASAP.



LxCenter - System Operations
Re: ClamAV PDF Processing Denial of Service Vulnerability [message #74684 is a reply to message #74657] Sat, 22 May 2010 22:44
LxCenter_Danny

The rpm packages depend on sources from the qmailtoaster website.
They have not released a new clamav-toaster source yet.
Although they have seen their own problems with website hosting, maybe things are slowed down because of that.

If it takes too long, then I will consider taking a look at the source and applying .1 myself if possible.

Please do watch the qmailtoaster website also and report back any new packages. (I don't look at the site every day.)




LxCenter - System Operations
Re: ClamAV PDF Processing Denial of Service Vulnerability [message #74928 is a reply to message #74650] Tue, 01 June 2010 17:24
Ice-Man
Hi Danny,

clamav-0.96.1-1.3.36 source rpm is available:
http://mirrors.qmailtoaster.net/clamav-toaster-0.96.1-1.3.36.src.rpm
Re: ClamAV PDF Processing Denial of Service Vulnerability [message #74929 is a reply to message #74928] Tue, 01 June 2010 18:10
LxCenter_Danny

http://project.lxcenter.org/issues/240



LxCenter - System Operations