-----------------------------------------------------------------------
Debian Stable Updates Announcement SUA 146-1 https://www.debian.org
debian-release@lists.debian.org Sebastian A. Siewior
July 31st, 2018
-----------------------------------------------------------------------
Package : clamav
Version : 0.100.1+dfsg-0+deb9u1
Importance : medium
ClamAV is an AntiVirus toolkit for Unix.
Upstream published version 0.100.1.
This is a mostly a bug-fix release. The changes are not strictly
required for operation, but users of the previous version in stretch
may not be able to make use of all current virus signatures and might
get warnings.
Changes since 0.100.0 currently in stretch include fixes for two
security issues.
CVE-2018-0360
ClamAV before 0.100.1 has an HWP integer overflow with a resultant
infinite loop via a crafted Hangul Word Processor file.
CVE-2018-0361
ClamAV before 0.100.1 lacks a PDF object length check, resulting
in an unreasonably long time to parse a relatively small file.
If you use clamav, we recommend that you install this update.
Upgrade Instructions
--------------------
You can get the updated packages by adding the stable-updates archive
for your distribution to your /etc/apt/sources.list:
deb http://ftp.debian.org/debian stretch-updates main
deb-src http://ftp.debian.org/debian stretch-updates main
You can also use any of the Debian archive mirrors. See
https://www.debian.org/mirrors/list for the full list of mirrors.
For further information about stable-updates, please refer to
https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html
If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at debian-release@lists.debian.orgAttachment:
signature.asc
Description: This is a digitally signed message part