Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2016-0402)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2016.0402

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2016-0402)

Resumen: The remote host is missing an update for the 'clamav' package(s) announced via the MGASA-2016-0402 advisory.

Descripción: Summary:
The remote host is missing an update for the 'clamav' package(s) announced via the MGASA-2016-0402 advisory.

Vulnerability Insight:
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause
a denial of service (application crash) via a crafted mew packer
executable (CVE-2016-1371).

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause
a denial of service (application crash) via a crafted 7z file
(CVE-2016-1372).

libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware
Protection (AMP) on Cisco Email Security Appliance (ESA) devices before
9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and
9.1.x before 9.1.1-041, allows remote attackers to cause a denial of
service (AMP process restart) via a crafted document (CVE-2016-1405).

The clavav package has been updated to version 0.99.2, fixing these issues
and other bugs. See the upstream release announcements for details.

Affected Software/OS:
'clamav' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-1371
BugTraq ID: 93222
http://www.securityfocus.com/bid/93222
https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/
http://www.ubuntu.com/usn/USN-3093-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1372
BugTraq ID: 93221
http://www.securityfocus.com/bid/93221
Common Vulnerability Exposure (CVE) ID: CVE-2016-1405
BugTraq ID: 90968
http://www.securityfocus.com/bid/90968
Cisco Security Advisory: 20160531 Cisco ESA and WSA AMP ClamAV Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160531-wsa-esa
https://github.com/vrtadmin/clamav-devel/blob/master/ChangeLog
http://www.securitytracker.com/id/1035993
http://www.securitytracker.com/id/1035994

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2016.0402
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2016-0402)
Resumen:	The remote host is missing an update for the 'clamav' package(s) announced via the MGASA-2016-0402 advisory.
Descripción:	Summary: The remote host is missing an update for the 'clamav' package(s) announced via the MGASA-2016-0402 advisory. Vulnerability Insight: ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable (CVE-2016-1371). ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file (CVE-2016-1372). libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document (CVE-2016-1405). The clavav package has been updated to version 0.99.2, fixing these issues and other bugs. See the upstream release announcements for details. Affected Software/OS: 'clamav' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1371 BugTraq ID: 93222 http://www.securityfocus.com/bid/93222 https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/ http://www.ubuntu.com/usn/USN-3093-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-1372 BugTraq ID: 93221 http://www.securityfocus.com/bid/93221 Common Vulnerability Exposure (CVE) ID: CVE-2016-1405 BugTraq ID: 90968 http://www.securityfocus.com/bid/90968 Cisco Security Advisory: 20160531 Cisco ESA and WSA AMP ClamAV Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160531-wsa-esa https://github.com/vrtadmin/clamav-devel/blob/master/ChangeLog http://www.securitytracker.com/id/1035993 http://www.securitytracker.com/id/1035994
Copyright	Copyright (C) 2022 Greenbone AG