Clamav 0.88.4 and prior DoS



According to incidents.org a denial of service vulnerability has been noted in all versions of clamav prior to 0.88.4 (inclusive). At incidents last report the download for 0.88.4 was back after disappearing for a while which seemed to indicate a fix, however. I wasn’t aware 0.88.4 had been released before today (?). It looks as though http://www.clamav.net/ has perhaps a re-release of 0.88.4? that fixes it? Clamav is a popular open source antivirus scanning engine.

–UPDATED AND CORRECTED – looking at the Secunia advisory version 0.88.3 and 0.88.2 are vulnerable others may be – and I suspect that 0.88.4 is the version that will fix it – so it looks as though 0.88.4 will be the fixed version. AGAIN – it looks as though 0.88.4 FIXES the DoS vulnerability.

   Send article as PDF   

Similar Posts