AERAsec - Network Security - Current Security Messages

Most of the links lead to the corresponding files at CERT or other organisations. So changes take place immediately, especially which patches should be installed or which changes in the configuration should be made to avoid this vulnerability. Some of the files are transferred by FTP.

By the way: If we're not publishing well-known risks inheritant in any widely used platform or program that doesn't mean this particular platform or program is safe to use!

Here you find our network security search engine!

This is some information you send:
Your Browser	CCBot/2.0
Your IP address	ec2-50-17-109-248.compute-1.amazonaws.com [50.17.109.248]
Your referer	(filtered or not existing)

Current month, Last month, Last 10 messages, Last 20 messages (index only)

Chosen message with ID ae-201206-051

System:	Mandriva Linux
Topic:	Vulnerabilities in ClamAV and Java
Links:	MDVSA-2012:094, CVE-2012-1457, CVE-2012-1458, CVE-2012-1459, MDVSA-2012:095, CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725
ID:	ae-201206-051

The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass malware detection via a TAR archive entry. The Microsoft CHM file parser in ClamAV allows remote attackers to bypass malware detection using a crafted reset interval in the LZXC header of a CHM file.
Multiple vulnerabilities exist in Java for Red Hat Enterprise Linux. They allow remote attackers unautorised access as well as remote code execution and to initiate a Denial-of-Service (DoS).
Updated packages address these issues.