Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:239 (clamav)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.62909

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2008:239 (clamav)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to clamav
announced via advisory MDVSA-2008:239.

Ilja van Sprundel found that ClamAV contained a denial of service
vulnerability in how it handled processing JPEG files, due to it
not limiting the recursion depth when processing JPEG thumbnails
(CVE-2008-5314).

Other bugs have also been corrected in 0.94.2 which is being provided
with this update.

Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:239

Risk factor : Medium

CVSS Score:
4.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5314
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
BugTraq ID: 32555
http://www.securityfocus.com/bid/32555
Debian Security Information: DSA-1680 (Google Search)
http://www.debian.org/security/2008/dsa-1680
https://www.exploit-db.com/exploits/7330
http://security.gentoo.org/glsa/glsa-200812-21.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:239
http://lurker.clamav.net/message/20081126.150241.55b1e092.en.html
http://www.openwall.com/lists/oss-security/2008/12/01/8
http://osvdb.org/50363
http://www.securitytracker.com/id?1021296
http://secunia.com/advisories/32926
http://secunia.com/advisories/32936
http://secunia.com/advisories/33016
http://secunia.com/advisories/33195
http://secunia.com/advisories/33317
http://secunia.com/advisories/33937
SuSE Security Announcement: SUSE-SR:2008:028 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html
http://www.ubuntu.com/usn/usn-684-1
http://www.vupen.com/english/advisories/2008/3311
http://www.vupen.com/english/advisories/2009/0422
XForce ISS Database: clamav-special-dos(46985)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46985

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.62909
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:239 (clamav)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to clamav announced via advisory MDVSA-2008:239. Ilja van Sprundel found that ClamAV contained a denial of service vulnerability in how it handled processing JPEG files, due to it not limiting the recursion depth when processing JPEG thumbnails (CVE-2008-5314). Other bugs have also been corrected in 0.94.2 which is being provided with this update. Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:239 Risk factor : Medium CVSS Score: 4.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5314 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html BugTraq ID: 32555 http://www.securityfocus.com/bid/32555 Debian Security Information: DSA-1680 (Google Search) http://www.debian.org/security/2008/dsa-1680 https://www.exploit-db.com/exploits/7330 http://security.gentoo.org/glsa/glsa-200812-21.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:239 http://lurker.clamav.net/message/20081126.150241.55b1e092.en.html http://www.openwall.com/lists/oss-security/2008/12/01/8 http://osvdb.org/50363 http://www.securitytracker.com/id?1021296 http://secunia.com/advisories/32926 http://secunia.com/advisories/32936 http://secunia.com/advisories/33016 http://secunia.com/advisories/33195 http://secunia.com/advisories/33317 http://secunia.com/advisories/33937 SuSE Security Announcement: SUSE-SR:2008:028 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html http://www.ubuntu.com/usn/usn-684-1 http://www.vupen.com/english/advisories/2008/3311 http://www.vupen.com/english/advisories/2009/0422 XForce ISS Database: clamav-special-dos(46985) https://exchange.xforce.ibmcloud.com/vulnerabilities/46985
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com