Hi,

Anyone know when these CVEs will be fixed? Does ClamAV provide a 0.99.2 security fix branch, or do I need to consume 0.99.3 devel? Does EPEL backport fixes?

CVE-2017-6418
CVE-2017-6419
CVE-2017-6420

It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2017-6418 <http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6418>)

It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. In the default installation, attackers would be isolated by the ClamAV AppArmor profile. (CVE-2017-6419 <http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6419>)

It was discovered that ClamAV incorrectly handled parsing certain PE files with WWPack compression. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2017-6420 <http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6420>)

Thank you

_______________________________________________
clamav-users mailing list
[email protected]
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
