package: clamav severity: grave tags: security hi,
ubuntu recently patched a problem in clamav [1]. the description is: It was discovered that ClamAV did not properly verify its input when processing TAR archives. A remote attacker could send a specially crafted TAR file and cause a denial of service via infinite loop. It was discovered that ClamAV did not properly validate Portable Executable (PE) files. A remote attacker could send a crafted PE file and cause a denial of service (divide by zero). i'm not sure if this is CVE-2009-1241 or if it a new issue. [1] http://www.ubuntu.com/usn/usn-754-1 _______________________________________________ Pkg-clamav-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/pkg-clamav-devel
