
[VUA 46-1] Updated clamav package fixes security flaw



---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 46-1     http://volatile.debian.org
debian-volatile@lists.debian.org                                 Andi Barth
April 18, 2008
---------------------------------------------------------------------------

Package              : clamav
Version              : 0.92.1~dfsg-1volatile2
Importance           : high
CVE IDs              : CVE-2008-0314 CVE-2008-1100 and unknown

The following security flaws were found and fixed in clamav:

CVE-2008-0314

    Damian Put discovered that a buffer overflow in the handler for
    PeSpin binaries may lead to the execution of arbitrary code.

CVE-2008-1100

    Alin Rad Pop discovered that a buffer overflow in the handler for
    Upack PE binaries may lead to the execution of arbitrary code.

no CVE yet

    Damian Put and Thomas Pollet discovered that a buffer overflow in
    the handler for WWPack-compressed PE binaries may lead to the
    execution of arbitrary code.

For etch, an updated ClamAV package is available in etch/volatile as
version 0.92.1~dfsg-1volatile2.


Upgrade Instructions
--------------------

You can get the updated packages at

http://volatile.debian.org/debian-volatile/pool/volatile/contrib/t/tzdata

and install them with dpkg, or add 

 deb http://volatile.debian.org/debian-volatile etch/volatile main
 deb-src http://volatile.debian.org/debian-volatile etch/volatile main

to your /etc/apt/sources.list. You can also use any of our mirrors.  See
http://www.debian.org/volatile/volatile-mirrors for the full list of
mirrors.  The archive signing keys can be downloaded from
http://volatile.debian.org/ziyi-etch.asc and were additionally included in
the stable point release r1 of Debian Etch.

For further information about debian-volatile, please refer to
http://www.debian.org/volatile/.

If there are any issues, please don't hesitate to get in touch with the
debian-volatile team.
-- 
  http://home.arcor.de/andreas-barth/
