----------------------------------------------------------------------- Debian Stable Updates Announcement SUA 159-1 https://www.debian.org [email protected] Scott Kitterman March 30th, 2019 -----------------------------------------------------------------------
Package : clamav
Version : 0.100.3+dfsg-0+deb9u1
Importance : medium
ClamAV is an AntiVirus toolkit for Unix.
Upstream published version 0.100.3.
This is a mostly a bug-fix release. The changes are not strictly
required for operation.
Changes since 0.100.2 currently in stretch include fixes for
three security issues.
CVE-2019-1787
An out-of-bounds heap read condition may occur when scanning PDF
documents. The defect is a failure to correctly keep track of
the number of bytes remaining in a buffer when indexing file
data.
CVE-2019-1788
An out-of-bounds heap write condition may occur when scanning OLE2
files such as Microsoft Office 97-2003 documents. The invalid write
happens when an invalid pointer is mistakenly used to initialize a
32-bit integer to zero. This is likely to crash the application.
CVE-2019-1789
An out-of-bounds heap read condition may occur when scanning PE
files (i.e. Windows EXE and DLL files) that have been packed using
Aspack, as a result of inadequate bounds-checking.
If you use clamav, we recommend that you install this update.
Upgrade Instructions
--------------------
You can get the updated packages by adding the stable-updates archive
for your distribution to your /etc/apt/sources.list:
deb http://deb.debian.org/debian stretch-updates main
deb-src http://deb.debian.org/debian stretch-updates main
You can also use any of the Debian archive mirrors. See
https://www.debian.org/mirrors/list for the full list of mirrors.
For further information about stable-updates, please refer to
https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html
If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at [email protected]
signature.asc
Description: This is a digitally signed message part
