[SECURITY] [DLA 1953-1] clamav security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : clamav
Version : 0.101.4+dfsg-0+deb8u1
CVE ID : CVE-2019-12625 CVE-2019-12900
Debian Bug : 34359
It was discovered that clamav, the open source antivirus engine, is affected by
the following security vulnerabilities:

CVE-2019-12625

    Denial of Service (DoS) vulnerability, resulting from excessively long scan
    times caused by non-recursive zip bombs. Among other measures, this issue
    was mitigated by introducing a scan time limit.

CVE-2019-12900

    Out-of-bounds write in ClamAV's NSIS bzip2 library when attempting
    decompression in cases where the number of selectors exceeded the max limit
    set by the library.
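
The bounds check at issue in CVE-2019-12900, shown as an added example that is not ClamAV's or bzip2's own code. The byte-oriented header layout and all names are hypothetical; the table size is assumed to match upstream bzip2 (18002 entries), while the count field is 15 bits wide and can encode up to 32767.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: table size as in upstream bzip2 (2 + 900000/50 = 18002). */
#define MAX_SELECTORS (2 + (900000 / 50))

enum { SEL_OK = 0, SEL_DATA_ERROR = -1 };

typedef struct {
    int     n_selectors;
    uint8_t selector_mtf[MAX_SELECTORS]; /* fixed-size table indexed by the count */
} block_state;

/* Simplified model (hypothetical layout, not the real bit-packed stream):
 * in[0..1] = 15-bit big-endian selector count, then one byte per selector. */
int read_selectors(block_state *s, const uint8_t *in, size_t len)
{
    if (s == NULL || in == NULL || len < 2)
        return SEL_DATA_ERROR;

    /* A 15-bit field can encode up to 32767, well above the table size. */
    int count = ((in[0] & 0x7f) << 8) | in[1];

    /* Without this check the copy loop below writes past selector_mtf. */
    if (count < 1 || count > MAX_SELECTORS)
        return SEL_DATA_ERROR;

    /* Also refuse headers that claim more selectors than bytes supplied. */
    if ((size_t)count > len - 2)
        return SEL_DATA_ERROR;

    for (int i = 0; i < count; i++)
        s->selector_mtf[i] = in[2 + i];
    s->n_selectors = count;
    return SEL_OK;
}

/* Constructed input: a zero-filled buffer whose header claims `count` selectors. */
static uint8_t sample[2 + 32767];

int try_count(int count)
{
    static block_state st;
    sample[0] = (uint8_t)((count >> 8) & 0x7f);
    sample[1] = (uint8_t)(count & 0xff);
    return read_selectors(&st, sample, sizeof sample);
}

int main(void) { printf("%d %d\n", try_count(18002), try_count(18003)); return 0; }
```
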
This update triggers a transition from libclamav7 to libclamav9. As a result,
several other packages will be recompiled against the fixed package after the
release of this update: dansguardian, havp, python-pyclamav, c-icap-modules.
For Debian 8 "Jessie", these problems have been fixed in version
0.101.4+dfsg-0+deb8u1.
We recommend that you upgrade your clamav packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----