Pardus: 2011-106: clamav: Denial of Service

Posted by Benjamin D. Thomas
A vulnerability has been fixed in clamav.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-106           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-08-08
      Type: Remote
------------------------------------------------------------------------

Summary
======
A vulnerability has been fixed in clamav.


Description
==========
CVE-2011-2721:

An off-by-one error was found in the  way  the  hash  manager  of  Clam
AntiVirus, a GPL anti-virus toolkit for UNIX, performed scan of messages
with certain hashes. A remote attacker could  provide  a  message  with
specially-crafted hash signature in it, leading to  denial  of  service
(clamscan executable crash).



Affected packages:

  Pardus 2009:
    clamav, all before 0.97-44-15
  Pardus 2011:
    clamav, all before 0.97.2-47-p11


Resolution
=========
There are update(s) for clamav. You can update them via Package Manager
or with a single command from console:

  Pardus 2009:
    pisi up clamav

  Pardus 2011:
    pisi up clamav


References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id796

------------------------------------------------------------------------