----------------------------------------------------------------------- Debian Stable Updates Announcement SUA 146-1 https://www.debian.org debian-release@lists.debian.org Sebastian A. Siewior July 31st, 2018 ----------------------------------------------------------------------- Package : clamav Version : 0.100.1+dfsg-0+deb9u1 Importance : medium ClamAV is an AntiVirus toolkit for Unix. Upstream published version 0.100.1. This is a mostly a bug-fix release. The changes are not strictly required for operation, but users of the previous version in stretch may not be able to make use of all current virus signatures and might get warnings. Changes since 0.100.0 currently in stretch include fixes for two security issues. CVE-2018-0360 ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. CVE-2018-0361 ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file. If you use clamav, we recommend that you install this update. Upgrade Instructions -------------------- You can get the updated packages by adding the stable-updates archive for your distribution to your /etc/apt/sources.list: deb http://ftp.debian.org/debian stretch-updates main deb-src http://ftp.debian.org/debian stretch-updates main You can also use any of the Debian archive mirrors. See https://www.debian.org/mirrors/list for the full list of mirrors. For further information about stable-updates, please refer to https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html If you encounter any issues, please don't hesitate to get in touch with the Debian Release Team at debian-release@lists.debian.org
Attachment:
signature.asc
Description: This is a digitally signed message part