Test ID: 1.3.6.1.4.1.25623.1.0.67437
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2010:110 (clamav)
Summary: NOSUMMARY
Description:
The remote host is missing an update to clamav
announced via advisory MDVSA-2010:110.

Multiple vulnerabilities were discovered and fixed in clamav:

The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows
remote attackers to cause a denial of service (crash) via a malformed
PDF file, related to an inconsistency in the calculated stream length
and the real stream length (CVE-2010-1639).

Off-by-one error in the parseicon function in libclamav/pe_icons.c
in ClamAV 0.96 allows remote attackers to cause a denial of service
(crash) via a crafted PE icon that triggers an out-of-bounds read,
related to improper rounding during scaling (CVE-2010-1640).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

This update provides clamav 0.96.1 which is not vulnerable to these
issues.

Affected: 2008.0, 2009.0, Corporate 4.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:110

Risk factor : Medium

CVSS Score: 4.3

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-1639
1024017
http://www.securitytracker.com/id?1024017
39895
http://secunia.com/advisories/39895
40317
http://www.securityfocus.com/bid/40317
43752
http://secunia.com/advisories/43752
ADV-2010-1214
http://www.vupen.com/english/advisories/2010/1214
FEDORA-2011-2741
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055771.html
FEDORA-2011-2743
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055777.html
MDVSA-2010:110
http://www.mandriva.com/security/advisories?name=MDVSA-2010:110
SUSE-SR:2010:014
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
clamav-clipdf-dos(58824)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58824
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=commitdiff%3Bh=f0eb394501ec21b9fe67f36cbf5db788711d4236#patch2
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2016
Common Vulnerability Exposure (CVE) ID: CVE-2010-1640
40318
http://www.securityfocus.com/bid/40318
[oss-security] 20100521 CVE Request: off by one DoS in pe_icons.c
http://www.openwall.com/lists/oss-security/2010/05/21/7
clamav-parseicon-dos(58825)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58825
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.1
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blobdiff%3Bf=libclamav/pe_icons.c%3Bh=3f1bc5be69d0f9d84e576814d1a3cc6f40c4ff2c%3Bhp=39a714f05968f9e929576bf171dd0eb58bf06bef%3Bhb=7f0e3bbf77382d9782e0189bf80f5f59a95779b3%3Bhpb=f0eb394501ec21b9fe67f36cbf5db788711d4236
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2031
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
