Török Edwin reported:
  [1] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771

a deficiency in the way Clam AntiVirus decompressed certain Quantum-compressed files. An attacker could use this flaw to cause a denial of service (clamscan crash) or, potentially, execute arbitrary code with the privileges of the user running clamscan.

Upstream bug report:
  [2] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771

Upstream patch:
  [3] http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=224fee54dd6cd8933d7007331ec2bfca0398d4b4

References:
  [4] http://secunia.com/advisories/39329/

CVE Request:
  [5] http://www.openwall.com/lists/oss-security/2010/04/06/4

This issue affects the versions of the clamav package as shipped with Fedora releases 11 and 12.

This issue affects the versions of the clamav package as present in the EPEL-4 and EPEL-5 repositories.

Please fix.

Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1311 to this vulnerability:

The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.

References:
  [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1311
  [2] http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96
  [3] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771
  [4] http://www.securityfocus.com/bid/39262
  [5] http://secunia.com/advisories/39329
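
For hosts that cannot move to ClamAV 0.96 immediately, cabinets that use Quantum compression can be identified from their headers and held back before they reach the scanner. The sketch below is an added example, not code from ClamAV or from this bug report; the function names are assumptions, the field layout follows Microsoft's published cabinet format, and the sample bytes are constructed.

```python
import struct

METHODS = {0: "none", 1: "MSZIP", 2: "Quantum", 3: "LZX"}

def skip_cstring(buf, pos):
    # Step over one NUL-terminated string; ValueError if unterminated.
    return buf.index(b"\x00", pos) + 1

def cab_folder_methods(buf):
    """Return the compression method of every CFFOLDER in a cabinet."""
    if len(buf) < 36 or buf[:4] != b"MSCF":
        raise ValueError("not a cabinet file")
    try:
        c_folders, _c_files, flags = struct.unpack_from("<HHH", buf, 26)
        pos, folder_reserve = 36, 0
        if flags & 0x0004:  # optional reserve-size fields are present
            hdr_reserve, folder_reserve, _ = struct.unpack_from("<HBB", buf, pos)
            pos += 4 + hdr_reserve
        if flags & 0x0001:  # szCabinetPrev, szDiskPrev
            pos = skip_cstring(buf, skip_cstring(buf, pos))
        if flags & 0x0002:  # szCabinetNext, szDiskNext
            pos = skip_cstring(buf, skip_cstring(buf, pos))
        methods = []
        for _ in range(c_folders):
            _start, _blocks, type_compress = struct.unpack_from("<IHH", buf, pos)
            # Low four bits select the method; upper bits are parameters.
            methods.append(METHODS.get(type_compress & 0x000F, "unknown"))
            pos += 8 + folder_reserve
        return methods
    except struct.error as exc:
        raise ValueError("truncated cabinet header") from exc

def uses_quantum(buf):
    return "Quantum" in cab_folder_methods(buf)

def sample_cab(type_compress, flags=0, tail=b""):
    # Constructed 36-byte header plus one folder entry; no file data follows.
    hdr = struct.pack("<4sIIIIIBBHHHHH", b"MSCF", 0, 0, 0, 0, 0,
                      3, 1, 1, 0, flags, 0, 0)
    return hdr + tail + struct.pack("<IHH", 0, 0, type_compress)

if __name__ == "__main__":
    print(cab_folder_methods(sample_cab(0x1372)))
```

A header that fails to parse raises ValueError; treat that the same as a Quantum hit and hold the file rather than passing it to an unpatched scanner.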