***UNCHECKED*** clamav remote code injection

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

***UNCHECKED*** clamav remote code injection

Florian Gleixner
Hi,

there are reports from email service providers, that there are attempts
to exploit clamav using prepared pdf documents in mails. See (in german):

https://www.heise.de/security/meldung/Jetzt-patchen-Angriffe-auf-Viren-Scanner-ClamAV-3951801.html

I hope, the opensuse security team will release a update for clamav soon.







signature.asc (188 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: ***UNCHECKED*** clamav remote code injection

Andreas Stieger-2
Hello,

On 01/27/2018 11:48 AM, Florian Gleixner wrote:
> there are reports from email service providers, that there are attempts
> to exploit clamav using prepared pdf documents in mails. See (in german):
>
> https://www.heise.de/security/meldung/Jetzt-patchen-Angriffe-auf-Viren-Scanner-ClamAV-3951801.html
>
> I hope, the opensuse security team will release a update for clamav soon.

Yes, follow https://bugzilla.suse.com/show_bug.cgi?id=1077732

Andreas

--
Andreas Stieger <[hidden email]>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imend├Ârffer, Jane Smithard, Graham Norton,
HRB 21284 (AG N├╝rnberg)
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]