[VUA 33-1] Updated clamav package fixes security flaw
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 33-1 http://volatile.debian.org
debian-volatile@lists.debian.org Stephen Gran
July 26, 2007 Martin Zobel-Helas
- ---------------------------------------------------------------------------
Package : clamav
Version : 0.91.1-0volatile1 and 0.91.1-1~volatile1
Importance : high
CVE IDs : CVE-2007-3725
The following security flaw was found and fixed in clamav:
[CVE-2007-2650]: Null pointer dereference in the unrar VM, causing a DoS.
For sarge, an updated clamav package is available in sarge/volatile
as version 0.91.1-0volatile1.
For etch, an updated clamav package is available in etch/volatile
as version 0.91.1-1~volatile1.
We recommend that you update your system.
This advisory was sent out without builds for arm and s390 architectures
being available for etch/volatile. and without builds for arm, hppa,
m68k, mips, mipsel and sparc being available for sarge/volatile. They
will be released as soon as they are available.
Upgrade Instructions
- --------------------
You can get the updated packages at
http://volatile.debian.org/debian-volatile/pool/volatile/main/c/clamav
and install them with dpkg, or add for sarge
deb http://volatile.debian.org/debian-volatile sarge/volatile main
deb-src http://volatile.debian.org/debian-volatile sarge/volatile main
or for etch
deb http://volatile.debian.org/debian-volatile etch/volatile main
deb-src http://volatile.debian.org/debian-volatile etch/volatile main
to your /etc/apt/sources.list. You can also use any of our mirrors. See
http://www.debian.org/volatile/volatile-mirrors for the full list of
mirrors. The archive signing keys can be downloaded from
http://volatile.debian.org/ziyi-sarge.asc and
http://volatile.debian.org/ziyi-etch.asc
For further information about debian-volatile, please refer to
http://www.debian.org/volatile/.
If there are any issues, please don't hesitate to get in touch with the
debian-volatile team.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGqGFJST77jl1k+HARArr1AKDVQ0HU3bkPUCBdd0fkSvKYympvFgCgw8JW
tK5P8EdPHl94DqeyD3Gt9pE=
=3K6G
-----END PGP SIGNATURE-----
Reply to: