|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 3054 CVE : CVE-2007-4510 SecurityRisk : Medium  (About) Remote Exploit : No Local Exploit : Yes Exploit Available : No Credit : Kolab Security Published : 26.08.2007
Advisory Content : -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kolab Security Issue 17 20070821 ================================ Package: Kolab Server, ClamAV Vulnerability: various Kolab Specific: no Dependent Packages: none Summary ~~~~~~~ A list of fixes relevant for Kolab installations: - libclamav/rtf.c: fix possible NULL dereference (bb#611) - libclamav/ole2_extract.c: properly initialise hdr.max_block_no (bb#603) - libclamav/htmlnorm.c: fix possible NULL dereference (bb#582), thanks to Stefanos Stamatis - libclamav/htmlnorm.c: fix call to tolower() (bb#580) - libclamav/filetypes.c: some embedded PEs were not being detected - libclamav/pdf.c: Bug 618, --block-max not always honoured - libclamav/pdf.c: Bug 608 - libclamav/matcher-ac.c: fix matching of patterns with prefixes and some other issues spotted by Glen <daineng*gmail.com> Affected Versions ~~~~~~~~~~~~~~~~~ This affects versions of ClamAV up to version 0.91.1. Kolab Server 2.1.0 and previous releases of the 2.1 branch are affected. Kolab Server 2.0.4 and previous releases of the 2.0 branch are affected. Kolab Server 2.2-beta1 is affected. Fix ~~~ Upgrade to ClamAV 0.91.2. The ClamAV source RPM is available from the Kolab download mirrors as: security-updates/20070821/clamav-0.91.2-20070821_kolab.src.rpm A binary RPM for Kolab Server 2.1.0 (ix86 Debian GNU/Linux Sarge) is available: security-updates/20070821/clamav-0.91.2-20070821_kolab.ix86-debian3.1-kolab .rpm All other server versions: Please build from the src.rpm. The mirrors are listed on http://kolab.org/mirrors.html While the mirrors are catching up, you can also get the package via rsync: # rsync -tvP rsync://rsync.kolab.org/kolab/server/security-updates/20070821/clamav-0.91. 2-20070821_kolab.src.rpm . # rsync -tvP rsync://rsync.kolab.org/kolab/server/security-updates/20070821/clamav-0.91. 2-20070821_kolab.ix86-debian3.1-kolab.rpm . MD5 sums: 99f228b485e05b7e84990a3da5eaf946 clamav-0.91.2-20070821_kolab.src.rpm afd3608730b39e0b5aa66585226d822a clamav-0.91.2-20070821_kolab.ix86-debian3.1-kolab.rpm The package can be installed on your Kolab Server with # /kolab/bin/openpkg rpm --rebuild clamav-0.91.2-20070821_kolab.src.rpm # /kolab/bin/openpkg rpm -Uvh /kolab/RPM/PKG/clamav-0.91.2-20070821_kolab.<ARCH>-<OS>-kolab.rpm # rm /kolab/etc/clamav/clamd.conf.rpmsave # /kolab/bin/openpkg rc clamav restart # su - kolab-r $ freshclam For Kolab Server 2.0.4 you have to copy the new /kolab/etc/clamav/clamd.conf to /kolab/etc/kolab/templates/clamd.conf.template so it will not be overwritten by kolabconf. Do NOT copy this file with Kolab Server 2.1 or 2.2! Details ~~~~~~~ http://sourceforge.net/project/shownotes.php?release_id=533658 ClamAV 0.91.2 release notes Timeline ~~~~~~~~ 20070821 ClamAV release 0.91.2. 20070821 OpenPKG 0.91.2 package release. 20070821 Kolab Server security advisory published. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFGyxf7W7P1GVgWeRoRArWCAJ4sxOMgGgxS1Bt5BqzT+XBrExiziwCfZ8Wh b/FwiCPRuVFSWM5kgHN5wF8= =ZDHG -----END PGP SIGNATURE-----  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |