---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 40-1     http://volatile.debian.org
debian-volatile@lists.debian.org                              Andreas Barth
December 20th, 2007
---------------------------------------------------------------------------

Package              : clamav
Version              : sarge: 0.92~dfsg-0volatile2; etch: 0.92~dfsg-1~volatile2
Importance           : high
CVE IDs              : CVE-2007-6335, CVE-2007-6336, CVE-2007-6337

The following security flaws were found and fixed in clamav:

[CVE-2007-6335] MEW PE File Integer Overflow, remote code execution.
[CVE-2007-6336] Off-by-one error in LZX_READ_HUFFSYM(), remote code execution.
[CVE-2007-6337] bzlib issue,

For sarge, an updated ClamAV package is available in sarge/volatile as
version 0.92~dfsg-0volatile2.

For etch, an updated ClamAV package is available in etch/volatile as
version 0.92~dfsg-1~volatile2.

Upgrade Instructions
--------------------

You can get the updated packages at

  http://volatile.debian.org/debian-volatile/pool/volatile/main/c/clamav

and install them with dpkg, or add

  deb http://volatile.debian.org/debian-volatile etch/volatile main
  deb-src http://volatile.debian.org/debian-volatile etch/volatile main

or, respectively,

  deb http://volatile.debian.org/debian-volatile sarge/volatile main
  deb-src http://volatile.debian.org/debian-volatile sarge/volatile main

to your /etc/apt/sources.list. You can also use any of our mirrors. See
http://www.debian.org/volatile/volatile-mirrors for the full list of
mirrors. The archive signing key is available from
http://volatile.debian.org/ziyi-etch.asc, and has been included since the
stable point release r1 in Debian Etch.

For further information about debian-volatile, please refer to
http://www.debian.org/volatile/.

If there are any issues, please don't hesitate to get in touch with the
debian-volatile team via debian-volatile@lists.debian.org.