[clamav-users] CVE fix status

Zetan Drableg zetan.drableg at gmail.com
Mon Nov 20 19:54:51 UTC 2017


Hi,
Anyone know when these CVEs will be fixed? Does ClamAV provide a 0.99.2
security fix branch, or do I need to consume 0.99.3 devel? Does EPEL backport
fixes?

CVE-2017-6418
CVE-2017-6419
CVE-2017-6420

It was discovered that ClamAV incorrectly handled parsing certain e-mail
messages. A remote attacker could possibly use this issue to cause ClamAV
to crash, resulting in a denial of service. (CVE-2017-6418
<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6418>)

It was discovered that ClamAV incorrectly handled certain malformed CHM
files. A remote attacker could use this issue to cause ClamAV to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 LTS. In the default installation,
attackers would be isolated by the ClamAV AppArmor profile. (CVE-2017-6419
<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6419>)

It was discovered that ClamAV incorrectly handled parsing certain PE files
with WWPack compression. A remote attacker could possibly use this issue to
cause ClamAV to crash, resulting in a denial of service. (CVE-2017-6420
<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6420>)

Thank you


