Upstream information
Description
The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Novell/SUSE information
Novell Bugzilla entry: 587363 SUSE Security Advisories:- SUSE-SR:2010:010, published Tue, 27 Apr 2010 13:00:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP3 for x86 SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3 |
| sle10-sp3-sdk.ia64 sles10-sp3.ia64 sle10-sp3-sdk.x86-64 sles10-sp3.x86 sle10-sp3-sdk.s390x sles10-sp3.ppc sled10-sp3.x86 sle10-sp3-sdk.x86 sle10-sp3-sdk.ppc sles10-sp3.x86-64 sled10-sp3.x86-64 sles10-sp3.s390x ZYPP Patch Nr: 6990 |
| Open Enterprise Server |
| core9.x86-64 core9.ia64 sles9-oes.x86 core9.s390x core9.x86 core9.ppc core9.s390 sles9-nlpos.x86 YOU Patch Nr: 12610 |
| SUSE Linux Enterprise SDK 10 SP2 |
| sles10-sp2.ia64 sle10-sp2-sdk.x86 sle10-sp2-sdk.s390x sle10-sp2-sdk.x86-64 sled10-sp2.x86-64 sled10-sp2.x86 sles10-sp2.s390x sles10-sp2.x86-64 sle10-sp2-sdk.ia64 sles10-sp2.x86 sles10-sp2.ppc sle10-sp2-sdk.ppc ZYPP Patch Nr: 6983 |