----------------------------------------------------------------------- Debian Stable Updates Announcement SUA 181-1 https://www.debian.org debian-release@lists.debian.org Sebastian Andrzej Siewior June 6th, 2020 ----------------------------------------------------------------------- Package : libclamunrar Version : 0.102.3-0+deb10u1 [buster] 0.102.3-0+deb9u1 [stretch] Importance : medium ClamAV is an AntiVirus toolkit for Unix. libclamunrar contains the non-free additional support modules to allow ClamAV to extract RAR files for scanning. This update brings libclamunrar in line with the changes applied to the clamav package in SUA 180-1. The original text from that advisory is: Upstream published version 0.102.3. This is a bug-fix release. The changes are not strictly required for operation. Changes since 0.102.2 currently in buster and stretch-updates include fixes for security issues. CVE-2020-3327 Improper bounds checking in the ARJ archive parsing module could lead to a Denial of Service. CVE-2020-3341 Improper size checking of a buffer used to initialize AES decryption routines in the PDF parsing module could lead to a Denial of Service. If you use libclamunrar, we recommend that you install this update. Upgrade Instructions -------------------- You can get the updated packages by adding the stable-updates archive for your distribution to your /etc/apt/sources.list: deb http://ftp.debian.org/debian buster-updates main deb-src http://ftp.debian.org/debian buster-updates main or deb http://ftp.debian.org/debian stretch-updates main deb-src http://ftp.debian.org/debian stretch-updates main You can also use any of the Debian archive mirrors. See https://www.debian.org/mirrors/list for the full list of mirrors. For further information about stable-updates, please refer to https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html If you encounter any issues, please don't hesitate to get in touch with the Debian Release Team at debian-release@lists.debian.org
Attachment:
signature.asc
Description: This is a digitally signed message part