Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security (at) gentoo (dot) org [email concealed] or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
Gentoo Linux Security Advisory GLSA 201009-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Clam AntiVirus: Multiple vulnerabilities
Date: September 07, 2010
Bugs: #314087, #321157
ID: 201009-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Clam AntiVirus.
Background
==========
Clam AntiVirus (short: ClamAV) is an anti-virus toolkit for UNIX,
designed especially for e-mail scanning on mail gateways.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-antivirus/clamav < 0.96.1 >= 0.96.1
Description
===========
Multiple vulnerabilities were discovered in Clam AntiVirus. For further
information, please consult the CVE entries referenced below.
Impact
======
A remote attacker could possibly bypass virus detection or cause a
Denial of Service.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Clam AntiVirus users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.96.1"
References
==========
[ 1 ] CVE-2010-0098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0098
[ 2 ] CVE-2010-1311
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1311
[ 3 ] CVE-2010-1639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1639
[ 4 ] CVE-2010-1640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1640
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201009-06.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security (at) gentoo (dot) org [email concealed] or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
iQIcBAEBCAAGBQJMhpFIAAoJEByNLmvcM7Du65kQAJbe9ZWNVjWNmgW8yH/lbZzr
0zX68FXR2eupIfmVU48h4rSa+tXRqTJE0DlTXylOiIDU9ns1z+VTBvEPPlefbjzg
K/IG6JIfNXTWd4ahNN6S9VFPEFkBdiYmluc0yFCuJ7KwpcccU0g6O7a+Soy54aD8
jan5zdOWO510zDyOYoYDwJU1lp3i4tUh2QxxgZGHN54BfpswRrdQQm5JnMeicorC
5wD8dexfNL1zaopUIb7QVy5pZ1L5wks0z4N+Eiw/IswrCGjk5xKBHEP/IEpVessK
3uOXZCtNsm3GjYANMaEUctMJeeuAYvGrzBjplJtbsDWimEeBO7FXpanKxw9wxLqx
3OeEF+SKEmGuauv3cyJKLv0WMnByjBEXUdgptQ1tjT714AcoOhoatJg1FQS8Ge00
jXdWR3/CL8qpm2qmJ26Ex+xLyW68mWnTw/ljSEz6BhkpHxgiMmfWjvxg5RZFulGi
6ob4hOWPfUSAx1zm3Ea0VQgdnEvCZJqcloVnvwihpdYRykGw7kzXHAiRvXMGPV5I
eVYeN+8UAjx7+6w09FxqogxiKymdJCDYBR4r+wztY2FJ13rc+7O0SHbzQAXknFpE
G4N0dLrDI3aVw8qwCdj5IWUZcsMJKbT42SFrDacOXVbPlDxfVYDKWX93wRCSc9EC
M/Om1dJinFOTq2O2rXli
=ZHaH
-----END PGP SIGNATURE-----
[ reply ]