-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : clamav Version : 0.99.2+dfsg-0+deb7u3 CVE ID : CVE-2017-6418 CVE-2017-6420
clamav is vulnerable to multiple issues that can lead to denial of service when processing untrusted content. CVE-2017-6418 out-of-bounds read in libclamav/message.c, allowing remote attackers to cause a denial of service via a crafted e-mail message. CVE-2017-6420 use-after-free in the wwunpack function (libclamav/wwunpack.c), allowing remote attackers to cause a denial of service via a crafted PE file with WWPack compression. For Debian 7 "Wheezy", these problems have been fixed in version 0.99.2+dfsg-0+deb7u3. We recommend that you upgrade your clamav packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE5LpPtQuYJzvmooL3LVy48vb3khkFAlnFdpEACgkQLVy48vb3 khkktggAj2ypS5W9mbo6JY/DPUrH7vFRillZKHifwWnbqZ6NdSLo94chCasrSGeQ uT4JBLouAeTxFMSEwMWa66KKgrpO951NU4LycZlGdZUDJ+gEI2pwVEEk3BpQRcip UzhhUyk6KxK/0xaddVnW3qm+UDUn2MkAO160m/qcQnTFbBWWpGhkCn/WdPLsywn2 ovpQrR+w+gBtqXC9w8pzYPYuNVOEIy9TB13aZQgG9tX2X/TRnhpv5LgftIYS+bzp 45LcsUcrcotA3gafhLMJ01P0uaXjrczglxMmhm9fq+oqeVIXQIqVfyW0KMBLuxun x4+wKbBS8k5PEm1rSNYMPXH9p0e8Sg== =j3iE -----END PGP SIGNATURE-----