more on dns CVE-2008-1447

Nas mailling lists diz-se que os ataques começaram…

in <http://permalink.gmane.org/gmane.linux.redhat.fedora.general/306278> we see this text:

The DNS attacks are starting!!! Below is a snippet of a logwatch from last night. Be sure all DNS servers are updated if at all possible. The spooks are out in full on this security vulnerability in force. THIS IS YOUR LAST WARNING…!!! Patch or Upgrade NOW! … this ought to be an interesting weekend.

— Paul Vixie

clamav, my nightmare

Falha de segurança de 2007, mas isto está a falhar demasiadas vezes para ser considerado um problema normal.

Mon, Sep 03 14:55:00 CEST 2007

Security Update for clamav

Sebastian Harl uploaded new packages for clamav which fixed the following security problems:

CVE-2007-4510

  It was discovered that the RTF and RFC2397 parsers can be tricked
into dereferencing a NULL pointer, resulting in denial of service.

CVE-2007-4560

  It was discovered clamav-milter performs insufficicient input
sanitising, resulting in the execution of arbitrary shell commands.