Test ID:	1.3.6.1.4.1.25623.1.0.61533
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2008:189 (clamav)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to clamav announced via advisory MDVSA-2008:189. Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.94 release, including: A vulnerability in ClamAV's chm-parser allowed remote attackers to cause a denial of service (application crash) via a malformed CHM file (CVE-2008-1389). A vulnerability in libclamav would allow attackers to cause a denial of service via vectors related to an out-of-memory condition (CVE-2008-3912). Multiple memory leaks were found in ClamAV that could possibly allow attackers to cause a denial of service via excessive memory consumption (CVE-2008-3913). A number of unspecified vulnerabilities in ClamAV were reported that have an unknown impact and attack vectors related to file descriptor leaks (CVE-2008-3914). Other bugs have also been corrected in 0.94 which is being provided with this update. Because this new version has increased the major of the libclamav library, updated dependent packages are also being provided. Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:189 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1389 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html BugTraq ID: 30994 http://www.securityfocus.com/bid/30994 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html http://security.gentoo.org/glsa/glsa-200809-18.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:189 http://int21.de/cve/CVE-2008-1389-clamav-chd.html http://www.securitytracker.com/id?1020805 http://secunia.com/advisories/31725 http://secunia.com/advisories/31906 http://secunia.com/advisories/31982 http://secunia.com/advisories/32030 http://secunia.com/advisories/32222 http://secunia.com/advisories/32699 SuSE Security Announcement: SUSE-SR:2008:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://www.vupen.com/english/advisories/2008/2484 http://www.vupen.com/english/advisories/2008/2564 http://www.vupen.com/english/advisories/2008/2780 Common Vulnerability Exposure (CVE) ID: CVE-2008-3912 BugTraq ID: 31051 http://www.securityfocus.com/bid/31051 Debian Security Information: DSA-1660 (Google Search) http://www.debian.org/security/2008/dsa-1660 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1141 http://www.openwall.com/lists/oss-security/2008/09/03/2 http://www.openwall.com/lists/oss-security/2008/09/04/13 http://www.securitytracker.com/id?1020828 http://secunia.com/advisories/32424 XForce ISS Database: clamav-libclamav-dos(45056) https://exchange.xforce.ibmcloud.com/vulnerabilities/45056 Common Vulnerability Exposure (CVE) ID: CVE-2008-3913 XForce ISS Database: clamav-manager-dos(45057) https://exchange.xforce.ibmcloud.com/vulnerabilities/45057 Common Vulnerability Exposure (CVE) ID: CVE-2008-3914 XForce ISS Database: clamav-multiple-unspecified(45058) https://exchange.xforce.ibmcloud.com/vulnerabilities/45058
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.