[VUA 6-1] Updated clamav packages fixes potential DoS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 6-1 http://volatile.debian.net
debian-volatile@lists.debian.org Martin Zobel-Helas
September 18th, 2005
- ---------------------------------------------------------------------------
Package : clamav
Version : 0.87-0volatile1
Importance : high
CVE IDs : CAN-2005-2920 CAN-2005-2919
Some security flaws were found and fixed in clamav:
CAN-2005-2920 : libclamav/upx.c: fix possible buffer overflow
CAN-2005-2919 : libclamav/fsg.c: fix possible infinite loop
Also support for PE files, Zip and Cabinet archives has been improved
and a new option "--on-outdated-execute" has been added to freshclam
to run a command when the system reports a new engine version.
For sarge, an updated clamav package is available in sarge/volatile
as version 0.87-0volatile1. We recommend that you update your system.
Upgrade Instructions
- --------------------
You can get the updated packages at
http://volatile.debian.net/debian-volatile/pool/volatile/main/c/clamav/
and install them with dpkg, or add
deb http://volatile.debian.net/debian-volatile sarge/volatile main
deb-src http://volatile.debian.net/debian-volatile sarge/volatile main
to your /etc/apt/sources.list. You can also use any of our mirrors.
Please see http://volatile.debian.net/mirrors.html for the full list
of mirrors. The archive signing key can be downloaded from
http://volatile.debian.net/ziyi-2005.asc
For further information about debian-volatile, please refer to
http://volatile.debian.net/.
If there are any issues, please don't hesitate to get in touch with the
volatile team.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDLJp/ST77jl1k+HARAr9yAJ9pVRxTS7yA8cVIoglrwr1I/g10uQCgoWCc
95tDnIrJjnE8rd1KaD05JzM=
=vZyy
-----END PGP SIGNATURE-----
Reply to: