-----------------------------------------------------------------------
Debian Stable Updates Announcement SUA 159-1     https://www.debian.org
debian-release@lists.debian.org                         Scott Kitterman
March 30th, 2019
-----------------------------------------------------------------------

Package              : clamav
Version              : 0.100.3+dfsg-0+deb9u1
Importance           : medium

ClamAV is an AntiVirus toolkit for Unix.

Upstream published version 0.100.3. This is mostly a bug-fix release.
The changes are not strictly required for operation.

Changes since 0.100.2 currently in stretch include fixes for three
security issues.

CVE-2019-1787

    An out-of-bounds heap read condition may occur when scanning PDF
    documents. The defect is a failure to correctly keep track of the
    number of bytes remaining in a buffer when indexing file data.

CVE-2019-1788

    An out-of-bounds heap write condition may occur when scanning OLE2
    files such as Microsoft Office 97-2003 documents. The invalid write
    happens when an invalid pointer is mistakenly used to initialize a
    32-bit integer to zero. This is likely to crash the application.

CVE-2019-1789

    An out-of-bounds heap read condition may occur when scanning PE
    files (i.e. Windows EXE and DLL files) that have been packed using
    Aspack, as a result of inadequate bounds-checking.

If you use clamav, we recommend that you install this update.

Upgrade Instructions
--------------------

You can get the updated packages by adding the stable-updates archive
for your distribution to your /etc/apt/sources.list:

 deb http://deb.debian.org/debian stretch-updates main
 deb-src http://deb.debian.org/debian stretch-updates main

You can also use any of the Debian archive mirrors. See
https://www.debian.org/mirrors/list for the full list of mirrors.

For further information about stable-updates, please refer to
https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at debian-release@lists.debian.org
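
To confirm that a stretch host has picked up this update, the script below compares each installed ClamAV package against the fixed version given above. It is an added example, not part of the original announcement; the list of binary package names is an assumption and should be adjusted to what the host actually has installed.

```shell
#!/bin/sh
# Added example (not from the announcement): report whether installed
# ClamAV packages are at or above the version fixed in SUA 159-1.

FIXED="0.100.3+dfsg-0+deb9u1"   # fixed version stated in the announcement

# Assumption: binary packages built from the clamav source package that
# are likely to be present; edit to match the host.
PACKAGES="clamav clamav-base clamav-daemon clamav-freshclam libclamav7"

# Print the version of a package only if dpkg considers it fully
# installed; print nothing for unknown, removed or config-only packages.
installed_version() {
    dpkg-query -W -f='${db:Status-Status} ${Version}\n' "$1" 2>/dev/null |
        awk '$1 == "installed" { print $2 }'
}

# Classify a version string using dpkg's own ordering rules, so epochs,
# "+dfsg" suffixes and "~" pre-release markers are compared correctly.
status_for() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif dpkg --compare-versions "$1" ge "$FIXED"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# Print one line per package; return 1 if any package predates the fix.
audit_clamav() {
    rc=0
    for pkg in $PACKAGES; do
        ver=$(installed_version "$pkg")
        st=$(status_for "$ver")
        printf '%-18s %-28s %s\n' "$pkg" "${ver:--}" "$st"
        if [ "$st" = "vulnerable" ]; then
            rc=1
        fi
    done
    return "$rc"
}

audit_clamav || echo "at least one package is older than $FIXED" >&2
```

The return code of audit_clamav can drive a monitoring check or a configuration-management guard on hosts that scan untrusted PDF, OLE2 or PE files.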