[VUA 4-1] Updated clamav packages fixes potential DoS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 4-1 http://volatile.debian.net
debian-volatile@lists.debian.org Andreas Barth
July 26th, 2005
- ---------------------------------------------------------------------------
Package : clamav
Version : 0.86.2-0volatile1
Importance : high
CVE IDs : <unassigned>
Some security flaws were found and fixed in clamav:
<unassigned> : libclamav/others.c: cli_rmdirs: fix possible infinite loop
<unassigned> : libclamav/mspack: Some cab archives were not properly decompressed
<unassigned> : libclamav/fsg.c: Fix possible integer overflow
<unassigned> : libclamav/others.c: Check for 0 byte allocations in cli_(m|c|re)alloc
<unassigned> : libclamav/chmunpack.c: Fix possible malloc overflow
<unassigned> : libclamav/tnef.c: Fix possible crash if the length field is 0 or negative
We are sorry that there are no cvs ids currently, which makes it a bit
harder to compare which bugs are fixed and which not.
For sarge, an updated clamav package is available in sarge/volatile
as version 0.86.2-0volatile1. We recommend that you update your system.
Upgrade Instructions
- --------------------
You can get the updated packages at
http://volatile.debian.net/debian-volatile/pool/volatile/main/c/clamav/
and install them with dpkg, or add
deb http://volatile.debian.net/debian-volatile sarge/volatile main
deb-src http://volatile.debian.net/debian-volatile sarge/volatile main
to your /etc/apt/sources.list. You can also use any of our mirrors.
Please see http://volatile.debian.net/mirrors.html for the full list
of mirrors. The archive signing key can be downloaded from
http://volatile.debian.net/ziyi-2005.asc
For further information about debian-volatile, please refer to
http://volatile.debian.net/.
If there are any issues, please don't hesitate to get in touch with the
volatile team.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFC53CImdOZoew2oYURArzdAJsFdKNmgc389z/oMJ6QYLumyjp2zgCeI/1X
gpFfRFh+Ikq/GMbcNPRXd74=
=XxsN
-----END PGP SIGNATURE-----
Reply to: