On Wed, 2006-12-06 at 15:40 +0100, Hendrik Weimer wrote: > Package: clamav > Version: 0.88.6-1 > Tags: security > Severity: important > > As reported in http://www.quantenblog.net/security/virus-scanner-bypass > ClamAV contains a denial of service vulnerability when fed with a mail > containing a large number of multipart layers. This is due to a > recursion-based stack overflow in the function parseEmailBody > (mbox.c). Arbitrary code execution is proably not possible.
This is already fixed in 0.90RC2. -Nigel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
