This is the latest news from US-CERT regarding ClamAV: <><><><><><><><><><><><><><><><><><><><><><><><><>
Multiple ClamAV Vulnerabilities Original release date: April 14, 2008 at 3:32 pm Last revised: April 15, 2008 at 12:45 pm Clam AntiVirus has released ClamAV 0.93 to address multiple vulnerabilities. Two of these vulnerabilities are due to buffer overflow conditions in the handling of Upack executables in libclamav/pe.c and PeSpin packed executables in libclamav/spin.c. There are two additional vulnerabilities due to improper handling of ARJ and RAR archives. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users to review the changelog and update to ClamAV 0.93 to help mitigate the risks. Relevant Url(s): <http://www.clamav.org/download/sources> <http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog> ==== This entry is available at http://www.us-cert.gov/current/index.html#clamav_pe_scanning_vulnerability -- Gerard [EMAIL PROTECTED] "What do you do when your real life exceeds your wildest fantasies?" "You keep it to yourself." Broadcast News
signature.asc
Description: PGP signature
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
