ClamAV 0.93 patches security holes
The developers of the ClamAV open source virus scanner have published version 0.93, which patches several holes in addition to fixing the security vulnerability made public yesterday in the handling of crafted Windows EXE files compressed with Upack. In addition, the developers have improved a number of components that handle various file formats and added support for new file types.
The change log for ClamAV's version management system states that crafted Windows files compressed with Upack and executable files encrypted and compressed with PESpin can cause an exploitable heap-based buffer overflow.
In the new version, the routines that unpack RAR archives no longer crash when they inspect crafted archives from the fuzzing test developed by the University of Oulu and CERT-FI. ClamAV also now handles manipulated ARJ archives properly. Though no details have been published, additional modifications have also been made to the unzip, SIS, cabinet, CHM and SZDD modules. Finally, the developers say that the pattern-searching files have been made more efficient, as has the signature format.
Administrators are advised to install the latest version of ClamAV as soon as possible. Linux distributors will soon be releasing updated packages, which users should likewise install promptly.
See also:
- Change log, overview of the changes in ClamAV 0.93
- Announcing ClamAV 0.93, announcement of the current version of ClamAV
- Download the current version of ClamAV
(mba)