Bug 253780 - (CVE-2007-4510) clamav-0.91.2 is available
Product: Fedora
Classification: Fedora
Component: clamav
Hardware: All
OS: Linux
Priority: medium
Severity: high
Assigned To: Enrico Scholz
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-08-21 17:09 EDT by FEver
Modified: 2007-11-30 17:12 EST
Fixed In Version: 0.91.2-2.fc7
Doc Type: Bug Fix
Last Closed: 2007-09-07 13:18:31 EDT
Description FEver 2007-08-21 17:09:53 EDT
clamav-0.91.2 is already available. Repo version is 0.91.1.
Please update the package.

If you have any questions or suggestions related to Fever,
feel free to write them in this bug or have a look at

Don't send any messages to fevapp at o2.pl please.
Comment 1 Tomas Hoger 2007-08-24 03:08:05 EDT
New upstream version fixes multiple DoS vulnerabilities (hence severity: high),
as described e.g. here:


No CVE name was assigned to those issues yet.
Comment 2 Tomas Hoger 2007-08-24 03:57:39 EDT
Found CVE name: CVE-2007-4510


ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and
other products, allows remote attackers to cause a denial of service
(application crash) via (1) a crafted RTF file, which triggers a NULL
dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a
crafted HTML document with a data: URI, which triggers a NULL
dereference in the cli_html_normalise function in
libclamav/htmlnorm.c. NOTE: some of these details are obtained from
third party information.
Comment 3 Bojan Smojver 2007-09-04 01:12:52 EDT
Could you push this package (if it is ready) to F7 updates:

Comment 4 Fedora Update System 2007-09-07 13:18:30 EDT
clamav-0.91.2-2.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 akaki akakijevic 2007-09-10 02:31:36 EDT
Found CVE name: CVE-2007-4560

Description (c/p from http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4560):

clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows
remote attackers to execute arbitrary commands via shell metacharacters that are
used in a certain popen call, involving the "recipient field of sendmail."
