A vulnerability has been discovered in ClamAV, allowing for a Denial of Service.
|Package||app-antivirus/clamav on all architectures|
|Affected versions||< 0.91|
|Unaffected versions||>= 0.91|
ClamAV is a GPL virus scanner.
Metaeye Security Group reported a NULL pointer dereference in ClamAV when processing RAR archives.
A remote attacker could send a specially crafted RAR archive to the clamd daemon, resulting in a crash and a Denial of Service.
There is no known workaround at this time.
All ClamAV users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.91"
August 09, 2007
August 09, 2007: 01