In association with heise online

11 April 2009, 14:05

Security Update for open source virus scanner

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The developers of the open source virus scanner ClamAV have released version 0.95.1, denoting is as simply a "bugfix release" with no security warnings. However, security service providers such as Secunia and the French Vupen (formerly FrIST) classify it as a critical safety update.

This assessment is primarily due to a potential buffer overflow in the cli_url_canon() function used to process URLs. It can be exploited with specially crafted URLs to allow attackers to compromise and execute code through the virus scanner. Updating from older versions of ClamAV is strongly advised.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit