----------------------------------------------------------------------- Debian Stable Updates Announcement SUA 180-1 https://www.debian.org [email protected] Sebastian Andrzej Siewior June 4th, 2020 -----------------------------------------------------------------------
Package : clamav
Version : 0.102.3+dfsg-0+deb10u1 [buster]
0.102.3+dfsg-0~deb9u1 [stretch]
Importance : medium
ClamAV is an AntiVirus toolkit for Unix.
Upstream published version 0.102.3.
This is a bug-fix release. The changes are not strictly
required for operation.
Changes since 0.102.2 currently in buster and stretch-updates
include fixes for security issues.
CVE-2020-3327
Improper bounds checking in the ARJ archive parsing module could
lead to a Denial of Service.
CVE-2020-3341
Improper size checking of a buffer used to initialize AES decryption
routines in the PDF parsing module could lead to a Denial of Service.
If you use clamav, we recommend that you install this update.
Upgrade Instructions
--------------------
You can get the updated packages by adding the stable-updates archive
for your distribution to your /etc/apt/sources.list:
deb http://ftp.debian.org/debian buster-updates main
deb-src http://ftp.debian.org/debian buster-updates main
or
deb http://ftp.debian.org/debian stretch-updates main
deb-src http://ftp.debian.org/debian stretch-updates main
You can also use any of the Debian archive mirrors. See
https://www.debian.org/mirrors/list for the full list of mirrors.
For further information about stable-updates, please refer to
https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html
If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at [email protected]
signature.asc
Description: This is a digitally signed message part
