|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2005-2920: clamav 0.87 | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Marcus Meissner <meissner> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Major | ||
| Priority: | P5 - None | CC: | max, mhoppe, security-team |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | All | ||
| Whiteboard: | CVE-2005-2920: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | ||
| Found By: | Other | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
Updated packages have been submitted for 9.0, sles9, 9.2, 9.3, 10.0, and STABLE. Mbuild packages are available under /work/built/mbuild/nitsch-max-1, and on ftp://ftp.suse.com/pub/projects/clamav . Matthias, can you please test them on the scan hosts? SWAMPID: 2334 patchinfos submitted. i only submitted for "clamav", we can leave the clamav-db alone, right? Yes, those who use clamav seriously have to use freshclam to keep their virus database up to date, and so they don't need the -db package at all, but unfortunately the authors of ClamAV refused my suggestion to separate the database from the source code distribution. updated on our servers. CAN-2005-2919 CAN-2005-2920 updates and advisory released. CVE-2005-2920: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) |
from clamav announcement: This version fixes vulnerabilities in handling of UPX and FSG compressed executables. >>>> this is security related. Support for PE files, Zip and Cabinet archives has been improved and other small bugfixes have been made. The new option "--on-outdated-execute" allows freshclam to run a command when system reports a new engine version.