[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Backports-security-announce] Security Update for clamav

Sebastian Harl uploaded new packages for clamav which fixed the
following security problems:

CVE-2008-5050, Debian BTS #505134

  Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers
  from an off-by-one-error in its VBA project file processing, leading
  to a heap-based buffer overflow and potentially arbitrary code

CVE-2008-5314, Debian BTS #507624

  Ilja van Sprundel discovered that ClamAV contains a denial of service
  condition in its JPEG file processing because it does not limit the
  recursion depth when processing JPEG thumbnails.

For the etch-backports distribution the problems have been fixed in
version 0.94.dfsg.2-1~bpo40+1.

For the etch-volatile distribution the problems have been fixed in
versions 0.94.dfsg.1-1~volatile1 and 0.94.dfsg.2-1~volatile1.

For the stable distribution (etch), these problems have been fixed in
version 0.90.1dfsg-4etch16

For the testing and unstable distributions (lenny and sid) the problems
have been fixed in versions 0.94.dfsg.1-1 and 0.94.dfsg.2-1.

Upgrade instructions

If you don't use pinning (see [1]) you have to update the package manually via
"apt-get -t etch-backports install <packagelist>" with the packagelist of your
installed packages affected by this update.
[1] http://backports.org/dokuwiki/doku.php?id=instructions

We recommend to pin the backports repository to 200 so that new versions of
installed backports will be installed automatically. 

  Package: *
  Pin: release a=etch-backports
  Pin-Priority: 200

Attachment: signature.asc
Description: Digital signature

Reply to: