ClamAV update patches two vulnerabilities

By
Follow google news

ClamAV users are urged to upgrade to the latest version to correct two vulnerabilities that could crash the free, open-source anti-virus toolkit and lead to an attacker hijacking infected systems.


ClamAV is a popular toolkit for Unix-like operating systems and is mainly deployed to secure email exchange servers.
According to the SANS Internet Storm Center, the more serious of two bugs is related to the handling of PE (portable executable) file format. The other vulnerability is caused by a memory access error in CHM, the file extension for compressed HTML help files, according to Secunia, which has labeled both flaws "highly critical."
For attackers to exploit the two bugs, they must send "specially constructed executable files through a mail gateway or personal anti-virus client utilizing the ClamAV scanning engine."
Users who upgrade to version 0.88.5 should avoid problems. William Salusky, a SANS handler, said in a blog post Monday that alternatively, users could download release candidate v0.90RC1 from the ClamAV site.
 Click here to email Dan Kaplan.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
clamavpatchessecuritytwoupdatevulnerabilities

Sponsored Whitepapers

5 reasons to adopt a mobile first security strategy
5 reasons to adopt a mobile first security strategy
Uncomplicate IT Service Delivery with AI Agents
Uncomplicate IT Service Delivery with AI Agents
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Fintech compliance made fast and secure
Fintech compliance made fast and secure
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide

Events

Most Read Articles

NAB is co-designing a SIEM with Databricks

NAB is co-designing a SIEM with Databricks
Australia's critical infrastructure security laws "toothless"

Australia's critical infrastructure security laws "toothless"
Gov proposes disclosure delay for most serious cyberattacks

Gov proposes disclosure delay for most serious cyberattacks
US regulator bans imports of new foreign-made routers

US regulator bans imports of new foreign-made routers
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?