Hi,

Sebastian Harl uploaded a security update for clamav in etch backports which fixes the following issues:

CVE-2007-6335

    It was discovered that an integer overflow in the decompression code for MEW archives may lead to the execution of arbitrary code.

CVE-2007-6336

    It was discovered that an off-by-one in the MS-ZIP decompression code may lead to the execution of arbitrary code.

CVE-2007-6337

CVE-2007-6595

    It was discovered that temporary files are created insecurely, which may result in local denial of service by overwriting files.

CVE-2008-0314

    Damian Put discovered that a buffer overflow in the handler for PeSpin binaries may lead to the execution of arbitrary code.

CVE-2008-0318

    Silvio Cesare discovered an integer overflow in the parser for PE headers.

CVE-2008-1100

    Alin Rad Pop discovered that a buffer overflow in the handler for Upack PE binaries may lead to the execution of arbitrary code.

<unknown>

    Damian Put and Thomas Pollet discovered that a buffer overflow in the handler for WWPack-compressed PE binaries may lead to the execution of arbitrary code.

CVE-2008-1387

CVE-2008-1833

CVE-2008-2713

    Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to "fail open," facilitating a follow-on viral attack.

For the etch-backports distribution the problems have been fixed in version 0.93.1.dfsg-1.1~bpo40+1.

Please upgrade your clamav package as soon as possible if you use clamav from etch-backports.

Alex

--
Alexander Wirt, formorer@formorer.de
CC99 2DDD D39E 75B0 B0AA B25C D35B BC99 BC7D 020A