RE: [qmailtoaster] (another) Vulnerability in clamav

2008-11-17 Thread David Sánchez Martín 
Thanks Erik, really fast as allways,

List, please, update ASAP (i'll do it in next maintenance window) with this
new package.

Regards,

-Mensaje original-
De: Alberto Guzzetti [mailto:[EMAIL PROTECTED] 
Enviado el: lunes, 17 de noviembre de 2008 10:35
Para: qmailtoaster-list@qmailtoaster.com
Asunto: Re: [qmailtoaster] (another) Vulnerability in clamav

Thanks Erik,
you always provide a great support!

Kindly Regards,
Alberto.

Erik A. Espinoza ha scritto:
> New clamav is released on the main page.
>
> Erik
>
> On Sun, Nov 16, 2008 at 11:58 PM, David Sánchez Martín
> <[EMAIL PROTECTED]> wrote:
>   
>> Hi list,
>>
>>  For our own common interest:
>>
>>  http://www.securityfocus.com/bid/32207/discuss
>>
>>
>>  ClamAV is prone to an off-by-one heap-based buffer-overflow
vulnerability
>> because the application fails to perform adequate boundary checks on
>> user-supplied data.
>>
>>  Successfully exploiting this issue will allow attackers to execute
>> arbitrary code within the context of the affected application. Failed
>> exploit attempts will result in a denial-of-service condition.
>>
>>  Versions prior to ClamAV 0.94.1 are vulnerable.
>>
>>  Current clamav-toaster is 0.94, so, there's a chance we are affected by
>> this issue.
>>
>>  May be it's time to let clamav package be updated via OS updates?
>>
>>
>>  Best regards,
>>
>> ---
>> David Sanchez Martin
>> Administrador de Sistemas
>> [EMAIL PROTECTED]
>> GPG Key ID: 0x37E7AC1F
>>
>> E2000 Nuevas Tecnologías
>> Tel : +34 902 830500
>>
>>
>>
>> 
>
> -
>  QmailToaster hosted by: VR Hosted <http://www.vr.org>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>   


-
 QmailToaster hosted by: VR Hosted <http://www.vr.org>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



smime.p7s
Description: S/MIME cryptographic signature

Re: [qmailtoaster] (another) Vulnerability in clamav

2008-11-17 Thread Alberto Guzzetti 

Thanks Erik,
you always provide a great support!

Kindly Regards,
Alberto.

Erik A. Espinoza ha scritto:

New clamav is released on the main page.

Erik

On Sun, Nov 16, 2008 at 11:58 PM, David Sánchez Martín
<[EMAIL PROTECTED]> wrote:
  

Hi list,

 For our own common interest:

 http://www.securityfocus.com/bid/32207/discuss


 ClamAV is prone to an off-by-one heap-based buffer-overflow vulnerability
because the application fails to perform adequate boundary checks on
user-supplied data.

 Successfully exploiting this issue will allow attackers to execute
arbitrary code within the context of the affected application. Failed
exploit attempts will result in a denial-of-service condition.

 Versions prior to ClamAV 0.94.1 are vulnerable.

 Current clamav-toaster is 0.94, so, there's a chance we are affected by
this issue.

 May be it's time to let clamav package be updated via OS updates?


 Best regards,

---
David Sanchez Martin
Administrador de Sistemas
[EMAIL PROTECTED]
GPG Key ID: 0x37E7AC1F

E2000 Nuevas Tecnologías
Tel : +34 902 830500






-
 QmailToaster hosted by: VR Hosted 
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



  



-
QmailToaster hosted by: VR Hosted 
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [qmailtoaster] (another) Vulnerability in clamav

2008-11-17 Thread Erik A. Espinoza 
New clamav is released on the main page.

Erik

On Sun, Nov 16, 2008 at 11:58 PM, David Sánchez Martín
<[EMAIL PROTECTED]> wrote:
>
> Hi list,
>
>  For our own common interest:
>
>  http://www.securityfocus.com/bid/32207/discuss
>
>
>  ClamAV is prone to an off-by-one heap-based buffer-overflow vulnerability
> because the application fails to perform adequate boundary checks on
> user-supplied data.
>
>  Successfully exploiting this issue will allow attackers to execute
> arbitrary code within the context of the affected application. Failed
> exploit attempts will result in a denial-of-service condition.
>
>  Versions prior to ClamAV 0.94.1 are vulnerable.
>
>  Current clamav-toaster is 0.94, so, there's a chance we are affected by
> this issue.
>
>  May be it's time to let clamav package be updated via OS updates?
>
>
>  Best regards,
>
> ---
> David Sanchez Martin
> Administrador de Sistemas
> [EMAIL PROTECTED]
> GPG Key ID: 0x37E7AC1F
>
> E2000 Nuevas Tecnologías
> Tel : +34 902 830500
>
>
>

-
 QmailToaster hosted by: VR Hosted 
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[qmailtoaster] (another) Vulnerability in clamav

2008-11-16 Thread David Sánchez Martín 

Hi list,

  For our own common interest:

  http://www.securityfocus.com/bid/32207/discuss


  ClamAV is prone to an off-by-one heap-based buffer-overflow vulnerability
because the application fails to perform adequate boundary checks on
user-supplied data.

  Successfully exploiting this issue will allow attackers to execute
arbitrary code within the context of the affected application. Failed
exploit attempts will result in a denial-of-service condition.

 Versions prior to ClamAV 0.94.1 are vulnerable. 
  
 Current clamav-toaster is 0.94, so, there's a chance we are affected by
this issue.

 May be it's time to let clamav package be updated via OS updates?


 Best regards,

---
David Sanchez Martin
Administrador de Sistemas
[EMAIL PROTECTED]
GPG Key ID: 0x37E7AC1F

E2000 Nuevas Tecnologías
Tel : +34 902 830500




smime.p7s
Description: S/MIME cryptographic signature