Bugzilla – Bug 640812
clamav 0.96.3
Last modified: 2017-12-03 09:02:33 UTC
clamav 0.96.3 was released. Mainly to fix the bzip2 issue in the internal bzip2 copy. We use the system libbz2 though. So usual clamav version update.
The SWAMPID for this issue is 35995. This issue was rated as moderate. Please submit fixed packages until 2010-10-05. Also create a patchinfo file using this link: https://swamp.suse.de/webswamp/wf/35995
Update started as a recommended update. Be so kind and submit the fixed sources and a patchinfo.
CVE-2010-3434 was assigned to the changelog entry * libclamav/pdf.c: Add missing boundscheck to pdf code (bb #2226) security details are unknown yet as the bug report is not accessible
looks like it could only cause a crash http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=dc5143b4669ae39c79c9af50d569c28c798f33da
> security details are unknown yet as the bug report is not accessible The ClamAV-Team just opened it: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2226
Update released for: clamav, clamav-db, clamav-debuginfo, clamav-debugsource Products: openSUSE 11.1 (debug, i586, ppc, x86_64) openSUSE 11.2 (debug, i586, x86_64) openSUSE 11.3 (debug, i586, x86_64)
Should this ("Status: New" and "Priority: P5 - None") bug not be marked as resolved? clamav update to version 0.96.3 : clamav-3230 (noarch): "This update is needed to fix a security vulnerability with this package. clamav version 0.96.3 fixes problems when scanning pdf files (CVE-2010-3434) and also contains numerous other bug fixes. For more information about bugs fixed by this update please visit this website: • https://bugzilla.novell.com/show_bug.cgi?id=640812 . For more information about this security update please visit this website: • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3434 ."[Spaces added]
its still open for SLE.
Update released for: clamav, clamav-db, clamav-debuginfo, clamav-debugsource Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP1 (i386, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP1 (i386, x86_64)
Update released for: clamav, clamav-db, clamav-debuginfo, clamav-debugsource Products: SLE-DEBUGINFO 11 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11 (i386, x86_64) SLE-SERVER 11 (i386, ia64, ppc64, s390x, x86_64)
Update released for: clamav, clamav-db, clamav-debuginfo Products: SLE-DESKTOP 10-SP3 (i386, x86_64) SLE-SAP-APL 10-SP3 (x86_64) SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64)
released
Update released for: clamav, clamav-db Products: Novell-Linux-POS 9 (i386) Open-Enterprise-Server 9 (i386) SUSE-CORE 9 (i386, ia64, ppc, s390, s390x, x86_64)
This is an autogenerated message for OBS integration: This bug (640812) was mentioned in https://build.opensuse.org/request/show/547654 15.0 / clamav