[VUA 7-1] Updated clamav packages fixes several security flaws
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 7-1 http://volatile.debian.net
debian-volatile@lists.debian.org Martin Zobel-Helas
November 07th, 2005
- ---------------------------------------------------------------------------
Package : clamav
Version : 0.87.1-0volatile.3
Importance : high
CVE IDs : CVE-2005-3239 CVE-2005-3303 CVE-2005-3500 CVE-2005-3501
The following security flaws were found and fixed in clamav:
CVE-2005-3239 : Possible loop in ole2_extract in parsing the property tree
CVE-2005-3303 : Heap overflow in ClamAV's FSG module
CVE-2005-3500 : DoS in CAB parsing
CVE-2005-3501 : DoS in mspack parsing
For sarge, an updated clamav package is available in sarge/volatile
as version 0.87.1-0volatile.3. We recommend that you update your system.
Upgrade Instructions
- - --------------------
You can get the updated packages at
http://volatile.debian.net/debian-volatile/pool/volatile/main/c/clamav/
and install them with dpkg, or add
deb http://volatile.debian.net/debian-volatile sarge/volatile main
deb-src http://volatile.debian.net/debian-volatile sarge/volatile main
to your /etc/apt/sources.list. You can also use any of our mirrors.
Please see http://volatile.debian.net/mirrors.html for the full list
of mirrors. The archive signing key can be downloaded from
http://volatile.debian.net/ziyi-2005.asc
For further information about debian-volatile, please refer to
http://volatile.debian.net/.
If there are any issues, please don't hesitate to get in touch with the
volatile team.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDbvS4ST77jl1k+HARApJ7AJ9UrmtfNtxFlhyTuvfnGKC9s+BmxwCfThMn
4h3mQ5G3dj3hDt1tm1qdmLI=
=TZLM
-----END PGP SIGNATURE-----
Reply to: