Bugzilla – Bug 117648
VUL-0: CVE-2005-2920: clamav 0.87
Last modified: 2021-11-03 14:53:28 UTC
from clamav announcement: This version fixes vulnerabilities in handling of UPX and FSG compressed executables. >>>> this is security related. Support for PE files, Zip and Cabinet archives has been improved and other small bugfixes have been made. The new option "--on-outdated-execute" allows freshclam to run a command when system reports a new engine version.
Updated packages have been submitted for 9.0, sles9, 9.2, 9.3, 10.0, and STABLE. Mbuild packages are available under /work/built/mbuild/nitsch-max-1, and on ftp://ftp.suse.com/pub/projects/clamav . Matthias, can you please test them on the scan hosts?
SWAMPID: 2334
patchinfos submitted. i only submitted for "clamav", we can leave the clamav-db alone, right?
Yes, those who use clamav seriously have to use freshclam to keep their virus database up to date, and so they don't need the -db package at all, but unfortunately the authors of ClamAV refused my suggestion to separate the database from the source code distribution.
updated on our servers.
CAN-2005-2919 CAN-2005-2920
updates and advisory released.
CVE-2005-2920: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)