[VUA 3-1] Updated clamav packages fixes potential DoS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 3-1 http://volatile.debian.net
debian-volatile@lists.debian.org Andreas Barth
July 6th, 2005
- ---------------------------------------------------------------------------
Package : clamav
Version : 0.86.1-0volatile2
Importance : high
CVE IDs : CAN-2005-1922, CAN-2005-1923, CAN-2005-2056, CAN-2005-2070
The virus patterns available on clamav.net have started to use newer
patterns. Older scanners will not recognize viruses described by
the newer patterns.
Additionally, some security flaws were found:
CAN-2005-1922: libclamav/scanners.c: fix potential remote DoS
CAN-2005-1923: libclamav/mspack/cabd.c: fix possible infinite loop
CAN-2005-2056: libclamav/mspack/qtmd.c: fix possible crash
CAN-2005-2070: potential DoS to the sendmail interface in clamav-milter
<unassigned> : libclamav/cvd.c: fix potential directory traversal in cvd
unpacker
<unassigned> : libclamav/message.c: fix potential crash with more than one
content-disposition type line
For sarge, an updated clamav package is available in sarge/volatile
as version 0.86.1-0volatile2.
Upgrade Instructions
- --------------------
You can get the updated packages at
http://volatile.debian.net/debian-volatile/pool/volatile/main/c/clamav/
and install them with dpkg, or add
deb http://volatile.debian.net/debian-volatile sarge/volatile main
deb-src http://volatile.debian.net/debian-volatile sarge/volatile main
to your /etc/apt/sources.list. You can also use any of our mirrors.
Please see http://volatile.debian.net/mirrors.html for the full list
of mirrors. The archive signing key can be downloaded from
http://volatile.debian.net/ziyi-2005.asc
For further information about debian-volatile, please refer to
http://volatile.debian.net/.
If there are any issues, please don't hesitate to get in touch with the
volatile team.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCy38nmdOZoew2oYURAuDLAKCcP8ku8yfOBtn7rUY1G6j1ciQHOwCggaBd
HoTp3qNWythJahHQOiP2vP0=
=xzis
-----END PGP SIGNATURE-----
Reply to: