[VUA 4-1] Updated clamav packages fixes potential DoS

To: debian-volatile-announce@lists.debian.org
Subject: [VUA 4-1] Updated clamav packages fixes potential DoS
From: Andreas Barth <aba@not.so.argh.org>
Date: Wed, 27 Jul 2005 13:31:21 +0200
Message-id: <[🔎] 20050727113120.GQ25173@mails.so.argh.org>
Mail-followup-to: Andreas Barth <aba@not.so.argh.org>, debian-volatile-announce@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 4-1      http://volatile.debian.net
debian-volatile@lists.debian.org                              Andreas Barth
July 26th, 2005
- ---------------------------------------------------------------------------


Package              : clamav
Version              : 0.86.2-0volatile1
Importance           : high
CVE IDs              : <unassigned>

Some security flaws were found and fixed in clamav:
<unassigned> : libclamav/others.c: cli_rmdirs: fix possible infinite loop
<unassigned> : libclamav/mspack: Some cab archives were not properly decompressed
<unassigned> : libclamav/fsg.c: Fix possible integer overflow
<unassigned> : libclamav/others.c: Check for 0 byte allocations in cli_(m|c|re)alloc
<unassigned> : libclamav/chmunpack.c: Fix possible malloc overflow
<unassigned> : libclamav/tnef.c: Fix possible crash if the length field is 0 or negative

We are sorry that there are no cvs ids currently, which makes it a bit
harder to compare which bugs are fixed and which not.

For sarge, an updated clamav package is available in sarge/volatile
as version 0.86.2-0volatile1. We recommend that you update your system.



Upgrade Instructions
- --------------------

You can get the updated packages at

http://volatile.debian.net/debian-volatile/pool/volatile/main/c/clamav/
 
and install them with dpkg, or add

 deb http://volatile.debian.net/debian-volatile sarge/volatile main
 deb-src http://volatile.debian.net/debian-volatile sarge/volatile main

to your /etc/apt/sources.list. You can also use any of our mirrors.
Please see http://volatile.debian.net/mirrors.html for the full list
of mirrors.  The archive signing key can be downloaded from
http://volatile.debian.net/ziyi-2005.asc

For further information about debian-volatile, please refer to
http://volatile.debian.net/.

If there are any issues, please don't hesitate to get in touch with the
volatile team.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC53CImdOZoew2oYURArzdAJsFdKNmgc389z/oMJ6QYLumyjp2zgCeI/1X
gpFfRFh+Ikq/GMbcNPRXd74=
=XxsN
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: push mirroring available / new sync address volatile-push.turmzimmer.net
Next by Date: [VUA 5-1] Updated jwhois package fixes IP relocations
Previous by thread: push mirroring available / new sync address volatile-push.turmzimmer.net
Next by thread: [VUA 5-1] Updated jwhois package fixes IP relocations
Index(es):
- Date
- Thread