[Bug 245219] New: clamav < 0.90.3 multiple vulnerabilities
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245219
Summary: clamav < 0.90.3 multiple vulnerabilities
Product: Fedora
Version: f7
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: clamav
AssignedTo: enrico.scholz(a)informatik.tu-chemnitz.de
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: fedora-security-list(a)redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3023
"unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly
calculate the end of a certain buffer, with unknown impact and remote attack
vectors."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3024
"libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses
insecure permissions for temporary files that are created by the
cli_gentempstream function in clamd/clamdscan, which might allow local users to
read sensitive files."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3122
"The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows
remote attackers to bypass scanning via a RAR file with a header flag value of
10, which can be processed by WinRAR."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3123
"unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows
remote attackers to cause a denial of service (core dump) via a crafted RAR file
with a modified vm_codesize value, which triggers a heap-based buffer overflow."
Not checked whether 0.88.x in FC-6 and earlier are affected.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
[Bug 237449] CVE-2007-5715 Login attempts as root may go unnoticed
by Red Hat Bugzilla
Summary: CVE-2007-5715 Login attempts as root may go unnoticed
Alias: CVE-2007-5715
https://bugzilla.redhat.com/show_bug.cgi?id=237449
bugzilla(a)redhat.com changed:
What    |Removed        |Added
----------------------------------------------------------------------------
Product |Fedora Extras  |Fedora
thoger(a)redhat.com changed:
What    |Removed                                  |Added
----------------------------------------------------------------------------
Alias   |                                         |CVE-2007-5715
Summary |Login attempts as root may go unnoticed  |CVE-2007-5715 Login attempts as root may go unnoticed
------- Additional Comments From thoger(a)redhat.com 2007-10-31 09:20 EST -------
CVE id CVE-2007-5715 was assigned to this old issue.
Separate list for commits
by Lubomir Kundrak
Hi all,
With the volume of the commit messages and bugzilla mails this list
became less suited for discussions. Would anyone mind creating another
list, say fedora-security-commits-list, where that sort of mails would
go?
Regards,
--
Lubomir Kundrak (Security Response Team)
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
Registered in Brno under #CZ27690016