authorRyan Steinmetz <zi@FreeBSD.org>2012-06-16 13:35:48 +0000
committerRyan Steinmetz <zi@FreeBSD.org>2012-06-16 13:35:48 +0000
commit15acbaeb2073ebf82c2e10db42581d9c8e895ec7 (patch)
tree5d9582bd2eefbf91abcf94109b1ee3635137f9c0
parent- Update to 0.1.5.1 (diff)
- Document recent vulnerabilities in security/clamav: CVE-2012-1419, CVE-2012-1457, CVE-2012-1458, CVE-2012-1459
Notes
Notes: svn path=/head/; revision=299404
-rw-r--r--security/vuxml/vuln.xml53
1 files changed, 53 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 5dac06777f67..6d70bf5f991f 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -52,6 +52,59 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="eb12ebee-b7af-11e1-b5e0-000c299b62e1">
+ <topic>clamav -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>clamav</name>
+ <range><lt>0.97.5</lt></range>
+ </package>
+ <package>
+ <name>clamav-devel</name>
+ <range><lt>20120612</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>MITRE Advisories report:</p>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1419">
+ <p>The TAR parser allows remote attackers to bypass malware detection
+ via a POSIX TAR file with an initial [aliases] character sequence.</p>
+ </blockquote>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457">
+ <p>The TAR parser allows remote attackers to bypass malware detection
+ via a TAR archive entry with a length field that exceeds the total
+ TAR file size.</p>
+ </blockquote>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458">
+ <p>The Microsoft CHM file parser allows remote attackers to bypass
+ malware detection via a crafted reset interval in the LZXC header
+ of a CHM file.</p>
+ </blockquote>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459">
+ <p>The TAR file parser allows remote attackers to bypass malware
+ detection via a TAR archive entry with a length field
+ corresponding to that entire entry, plus part of the header ofxi
+ the next entry.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2012-1419</cvename>
+ <cvename>CVE-2012-1457</cvename>
+ <cvename>CVE-2012-1458</cvename>
+ <cvename>CVE-2012-1459</cvename>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1419</url>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457</url>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458</url>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459</url>
+ </references>
+ <dates>
+ <discovery>2012-03-19</discovery>
+ <entry>2012-06-16</entry>
+ </dates>
+ </vuln>
+
<vuln vid="3c8d1e5b-b673-11e1-be25-14dae9ebcf89">
<topic>asterisk -- remote crash vulnerability</topic>
<affects>
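Review bot: The CVE-2012-1459 blockquote contains a stray `xi` in "plus part of the header ofxi the next entry", which looks like a leftover editor keystroke; the line should read `corresponding to that entire entry, plus part of the header of`. Because the sentence sits inside a `<blockquote cite="...">` attributed to MITRE, the typo also misquotes the cited source. Separately, all four entries describe scanner evasion (malformed TAR or CHM input that passes undetected) rather than memory corruption, so a more specific topic such as `<topic>clamav -- malware detection bypass in TAR and CHM parsers</topic>` would let administrators reading audit output judge the impact without opening each CVE.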