Security Vulnerability May Cause Remote Code Execution in clamav < 0.97.3
http://www.gentoo.org/security/en/glsa/glsa-201110-20.xml
https://bugs.gentoo.org/show\_bug.cgi?id=387521
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3627 (not yet avail)
Affected:
- All Alpine releases including upcoming 2.3 and Edge.
To be backported to 2.2 and 2.1 at least.
Not affected:
- NA
(from redmine: issue id 780, created on 2011-10-24, closed on 2011-11-22)
- Changesets:
- Revision 805d15bf by Carlo Landmeter on 2011-10-24T19:34:04Z:
main/clamav: upgrade to 0.97.3
ref #780
- Revision 08776d53 by Natanael Copa on 2011-10-25T08:09:37Z:
main/clamav: security upgrade to 0.97.3 (CVE-2011-3627)
ref #780
http://www.gentoo.org/security/en/glsa/glsa-201110-20.xml
https://bugs.gentoo.org/show_bug.cgi?id=387521
- Revision d3125a44 by Natanael Copa on 2011-11-21T14:32:48Z:
main/clamav: security upgrade to 0.96.5 + fixes
Fixed with 0.96.5:
CVE-2010-4260
CVE-2010-4261
CVE-2010-4479
Additional fixes:
CVE-2011-1003
CVE-2011-3627
Unafected:
CVE-2011-2721 (bug was introduced with http://git.clamav.net/gitweb?p=clamav-devel.git;a=blobdiff;f=libclamav/matcher-hash.c;h=f400072368facb6da4823e347d686bb1109f1cb5;hp=f649a1e320774f596400b71d1d208dc68376a92f;hb=096cea46001153a5ac59ba9d530ae3fc89e9b4a0;hpb=bb2f6b0bda9df5b44902aacfe577e86ccaffe19a)
fixes #780