---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 21-1     http://volatile.debian.net
[EMAIL PROTECTED]                                              Stephen Gran
October 16th, 2006
---------------------------------------------------------------------------

Package              : clamav
Version              : 0.88.5-0volatile1
Importance           : high
CVE IDs              : CVE-2006-4182 CVE-2006-5295

The following security flaws were found and fixed in clamav:

CVE-2006-4182:
  A heap overflow error in the "rebuildpe.c" script when rebuilding PE
  files has been discovered, which could be exploited by attackers or
  malware to compromise a vulnerable system.

CVE-2006-5295:
  An error in the CHM unpacker (chmunpack.c) when unpacking malformed
  files has been discovered, which could be exploited by attackers to
  crash an affected application.

For sarge, an updated clamav package is available in sarge/volatile as
version 0.88.5-0volatile1.

We recommend that you update your system.

This advisory was sent out without builds for arm, hppa, ia64, m68k,
mips, mipsel and s390 architectures being available. They will be
released as soon as they are available.

Upgrade Instructions
--------------------

You can get the updated packages at

  http://volatile.debian.net/debian-volatile/pool/volatile/main/c/clamav/

and install them with dpkg, or add

  deb http://volatile.debian.net/debian-volatile sarge/volatile main
  deb-src http://volatile.debian.net/debian-volatile sarge/volatile main

to your /etc/apt/sources.list. You can also use any of our mirrors.
Please see http://www.debian.org/devel/debian-volatile/volatile-mirrors
for the full list of mirrors. The archive signing key can be downloaded
from http://volatile.debian.net/ziyi-sarge.asc

For further information about debian-volatile, please refer to
http://volatile.debian.net/ and
http://www.debian.org/devel/debian-volatile/.

If there are any issues, please don't hesitate to get in touch with the
volatile team.

--
Martin Zobel-Helas               GPG Key-ID:    0x5d64f870
Debian Developer                 eMail Privat:  [EMAIL PROTECTED]
Debian Stable Release Manager    eMail Debian:  [EMAIL PROTECTED]