
File Multiple Denial of Service Vulnerabilities

Solution:
The vendor released an advisory and updates to address these issues.

NOTE: As reported by AMaViS, both of these issues (as they affect AMaViS products) are due to previous patch errors. Information on the original issues can be found in CVE-2007-1536 and CVE-2007-2026. The issues have been fixed with the latest release of AMaViSD-New 2.5.1 and File 4.21.

- AMaViS contains a denial-of-service vulnerability. This issue was purportedly resolved with the release of 'file-4.21', yet the vulnerability in the POSIX regex(3) library remained present due to an oversight in the AMaViS patch. The issue has been corrected in the latest version.

- AMaViS contains a buffer-overflow vulnerability in 'file(1)'. Reportedly, the AMaViS fix for the original security issue in the file(1) utility version 4.20 (CVE-2007-1536) introduced an entirely new integer underflow. The new issue is outlined in CVE-2007-2799. The issue has been corrected in the latest version.

Please see the vendor references for more information.


OpenBSD OpenBSD 4.0

Apple Mac OS X 10.4.11

Apple Mac OS X Server 10.4.11

Apple Mac OS X 10.5.2

Apple Mac OS X Server 10.5.2







 

Copyright 2008, SecurityFocus