Novell Home

CVE-2010-1311

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2010-1311 at MITRE

Description

The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entry: 587363

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T
SUSE Linux Enterprise Desktop 10 SP3 for x86
SUSE Linux Enterprise SDK 10 SP3
SUSE Linux Enterprise Server 10 SP3
SUSE Linux Enterprise Server for SAP 10 SP3
  • clamav >= 0.96-0.6.1
sle10-sp3-sdk.ia64
sles10-sp3.ia64
sle10-sp3-sdk.x86-64
sles10-sp3.x86
sle10-sp3-sdk.s390x
sles10-sp3.ppc
sled10-sp3.x86
sle10-sp3-sdk.x86
sle10-sp3-sdk.ppc
sles10-sp3.x86-64
sled10-sp3.x86-64
sles10-sp3.s390x
ZYPP Patch Nr: 6990
Open Enterprise Server
  • clamav >= 0.96-2.1
core9.x86-64
core9.ia64
sles9-oes.x86
core9.s390x
core9.x86
core9.ppc
core9.s390
sles9-nlpos.x86
YOU Patch Nr: 12610
SUSE Linux Enterprise SDK 10 SP2
  • clamav >= 0.96-0.4.2
sles10-sp2.ia64
sle10-sp2-sdk.x86
sle10-sp2-sdk.s390x
sle10-sp2-sdk.x86-64
sled10-sp2.x86-64
sled10-sp2.x86
sles10-sp2.s390x
sles10-sp2.x86-64
sle10-sp2-sdk.ia64
sles10-sp2.x86
sles10-sp2.ppc
sle10-sp2-sdk.ppc
ZYPP Patch Nr: 6983

© 2014 Novell