[VUA 25-1] Updated clamav package fixes security flaw
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 25-1 http://volatile.debian.net
debian-volatile@lists.debian.org Felipe Augusto van de Wiel
February 16th, 2007.
- ---------------------------------------------------------------------------
Package : clamav
Version : 0.88.7-0volatile2
Importance : high
CVE IDs : CVE-2007-0897
CVE-2007-0898
CVE-2007-0899
The following security flaws were found and fixed in clamav:
CVE-2007-0897: CAB File Denial of Service Vulnerability
CVE-2007-0898: MIME Parsing Directory Traversal Vulnerability
CVE-2007-0899: Possible heap overflow in libclamav/fsg.c
For sarge, an updated clamav package is available in sarge/volatile
as version 0.88.7-0volatile2. We recommend that you update your system.
Important to note that this is _NOT_ the new clamav upstream version 0.90
but for now only a security fix of 0.88.7-0volatile1.
This advisory was sent out without builds for m68k, mipsel and s390
architectures being available. They will be released as soon as they are
available.
Upgrade Instructions
- --------------------
You can get the updated packages at
http://volatile.debian.net/debian-volatile/pool/volatile/main/c/clamav/
and install them with dpkg, or add
deb http://volatile.debian.net/debian-volatile sarge/volatile main
deb-src http://volatile.debian.net/debian-volatile sarge/volatile main
to your /etc/apt/sources.list. You can also use any of our mirrors.
See http://www.debian.org/devel/debian-volatile/volatile-mirrors for
the full list of mirrors. The archive signing key can be downloaded from
http://volatile.debian.net/ziyi-sarge.asc
For further information about debian-volatile, please refer to
http://volatile.debian.net/ and http://www.debian.org/devel/debian-volatile/.
If there are any issues, please don't hesitate to get in touch with the
volatile team.
- --
Felipe Augusto van de Wiel (faw)
"Debian. Freedom to code. Code to freedom!"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFF1d1mCjAO0JDlykYRAnZHAKCp2F7fDeYUfZY9GNCEE2OZQCjABwCeJs04
yXZgibVfSMSyFfdkegx5hs8=
=PlPI
-----END PGP SIGNATURE-----
Reply to: