New clamav is released on the main page. Erik
On Sun, Nov 16, 2008 at 11:58 PM, David Sánchez Martín <[EMAIL PROTECTED]> wrote: > > Hi list, > > For our own common interest: > > http://www.securityfocus.com/bid/32207/discuss > > > ClamAV is prone to an off-by-one heap-based buffer-overflow vulnerability > because the application fails to perform adequate boundary checks on > user-supplied data. > > Successfully exploiting this issue will allow attackers to execute > arbitrary code within the context of the affected application. Failed > exploit attempts will result in a denial-of-service condition. > > Versions prior to ClamAV 0.94.1 are vulnerable. > > Current clamav-toaster is 0.94, so, there's a chance we are affected by > this issue. > > May be it's time to let clamav package be updated via OS updates? > > > Best regards, > > --- > David Sanchez Martin > Administrador de Sistemas > [EMAIL PROTECTED] > GPG Key ID: 0x37E7AC1F > > E2000 Nuevas Tecnologías > Tel : +34 902 830500 > > > --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
