Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 27 Apr 2013 15:49:09 -0700
From: Felix Gröbert <groebert@...gle.com>
To: kseifried@...hat.com
Cc: oss-security@...ts.openwall.com, Henri Salo <henri@...v.fi>, 
	Jan Lieskovsky <jlieskov@...hat.com>, "Steven M. Christey" <coley@...us.mitre.org>, draynor@...rcefire.com
Subject: Re: Multiple potential security issues fixed in ClamAV
 0.97.8 - any further details?

Hi,

sorry for the delayed response, I'm OOO.

The bugs should be public now:

https://bugzilla.clamav.net/show_bug.cgi?id=7055
heap corruption, potentially exploitable.

https://bugzilla.clamav.net/show_bug.cgi?id=7053
overflow due to PDF key length computation. Potentially exploitable.

https://bugzilla.clamav.net/show_bug.cgi?id=7054
NULL pointer dereference in sis parsing.

When building clamav I recommend disabling legacy or unneeded features
(e.g. sis). I guess that's common sense though.

Cheers
Felix

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.