The Clamav development team released version 0.90 of their open-source antivirus toolkit today. This version contains fixes for security vulnerabilities described in a number of iDefense advisories that were simultaneously published.
ClamAV CAB File Denial of Service Vulnerability (CVE-2007-0898)
ClamAV MIME Parsing Directory Traversal Vulnerability (CVE-2007-0897)
Both vulnerabilities were resolved in ClamAV's new stable 0.90 release. Do note that users that automatically download and install signature updates are not automatically covered. When vulnerabilities in anti virus software are addressed, it is important to understand whether they are fixed in the signatures or scanning engines. Depending on the solution in use, most setups are configured to automatically update the former, while the latter may require separate upgrades.
Feb 15th 2007
1 decade ago