[qmailtoaster] Current simscan problems due to clamav issues

Fri, 26 Jan 2018 10:12:58 -0800 

Dear all!

I have seen the same issues as you have seen today. Attackers send e-mails 
containing PDFs causing DoS problems.

German readers might read 
https://www.heise.de/security/meldung/Jetzt-patchen-Angriffe-auf-Viren-Scanner-ClamAV-3951801.html

Everyone should update to 0.99.3 asap. This is openSUSEs current log for the 
latest clamav version covering several issues:

- Update to security release 0.99.3 (bsc#1077732)
  * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability)
  * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability)
  * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability)
    - these vulnerabilities could have allowed an unauthenticated,
      remote attacker to cause a denial of service (DoS) condition
      or potentially execute arbitrary code on an affected device.
  * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)
  * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)
  * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)
  * CVE-2017-12380 (ClamAV Null Dereference Vulnerability)
    - these vulnerabilities could have allowed an unauthenticated,
      remote attacker to cause a denial of service (DoS) condition on an 
affected device.
  * CVE-2017-6420 (bsc#1052448)
    - this vulnerability allowed remote attackers to cause a denial of service
      (use-after-free) via a crafted PE file with WWPack compression.
  * CVE-2017-6419 (bsc#1052449)
    - ClamAV allowed remote attackers to cause a denial of service
      (heap-based buffer overflow and application crash) or possibly
      have unspecified other impact via a crafted CHM file.
  * CVE-2017-11423 (bsc#1049423)
    - The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha
      allowed remote attackers to cause a denial of service
      (stack-based buffer over-read and application crash) via a crafted CAB 
file.
  * CVE-2017-6418 (bsc#1052466)
    - ClamAV 0.99.2 allowed remote attackers to cause a denial
      of service (out-of-bounds read) via a crafted e-mail message.


--
Johannes Weberhofer
Weberhofer GmbH, Austria, Vienna

---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Reply via email to