---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 54-1     http://volatile.debian.org
debian-volatile@lists.debian.org                         Michael Tautschnig
April 14, 2009
---------------------------------------------------------------------------

Package              : clamav
Version              : 0.94.dfsg.2-1~volatile3
Importance           : high
CVE IDs              : CVE-2008-6680, CVE-2009-1270 and unknown

The following security flaws were found and fixed in the ClamAV anti-virus
toolkit:

CVE-2008-6680

   libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a
   denial of service (crash) via a crafted EXE file that triggers a
   divide-by-zero error.

CVE-2009-1270

   libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause
   a denial of service (infinite loop) via a crafted file that causes
   (1) clamd and (2) clamscan to hang.

no CVE yet

   libclamav/other.h in ClamAV before 0.95.1 allows remote attackers to
   cause a denial of service (crash) via crafted EXE files packed using
   UPack.

For etch, an updated ClamAV package is available in etch/volatile as
version 0.94.dfsg.2-1~volatile3, which incorporates only the above security
fixes for 0.94. An updated package with version 0.95.1 of the ClamAV
package will follow soon.

Upgrade Instructions
--------------------

You can get the updated packages at

  http://volatile.debian.org/debian-volatile/pool/volatile/main/c/clamav/

and install them with dpkg, or add

  deb http://volatile.debian.org/debian-volatile etch/volatile main
  deb-src http://volatile.debian.org/debian-volatile etch/volatile main

to your /etc/apt/sources.list. You can also use any of our mirrors. See
http://www.debian.org/volatile/volatile-mirrors for the full list of
mirrors. The archive signing keys can be downloaded from
http://volatile.debian.org/ziyi-etch.asc and were additionally included in
the stable point release r1 of Debian Etch.

For further information about debian-volatile, please refer to
http://www.debian.org/volatile/.

If there are any issues, please don't hesitate to get in touch with the
debian-volatile team.

-- 
Martin Zobel-Helas <zobel@debian.org>  | Debian System Administrator
Debian & GNU/Linux Developer           |           Debian Listmaster
Public key http://zobel.ftbfs.de/5d64f870.asc   -   KeyID: 5D64 F870
GPG Fingerprint:  5DB3 1301 375A A50F 07E7  302F 493E FB8E 5D64 F870