| Weekly edition | Kernel | Security | Distributions | Search |
| Archives | Calendar | Subscribe | Write for LWN | LWN.net FAQ |
Fedora alert FEDORA-2008-3900 (clamav)
| From: | updates@fedoraproject.org | |
| To: | fedora-package-announce@redhat.com | |
| Subject: | [SECURITY] Fedora 9 Update: clamav-0.93-1.fc9 | |
| Date: | Wed, 14 May 2008 22:09:25 +0000 | |
| Message-ID: | <200805142209.m4EM9PRD000623@bastion.fedora.phx.redhat.com> |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-3900 2008-05-14 20:59:32 -------------------------------------------------------------------------------- Name : clamav Product : Fedora 9 Version : 0.93 Release : 1.fc9 URL : http://www.clamav.net Summary : End-user tools for the Clam Antivirus scanner Description : Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. -------------------------------------------------------------------------------- Update Information: Security update - upgrade to upstream version 0.93: CVE-2008-1100 (#442360): Upack Processing Buffer Overflow Vulnerability CVE-2008-1387 (#442525): Endless loop / hang with crafted arj CVE-2008-0314 (#442740): PeSpin Heap Overflow Vulnerability CVE-2008-1836 (#442744): DoS via not null terminated string in rfc2231. -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 14 2008 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.93-1 - updated to final 0.93 - removed daily.inc + main.inc directories; they are now replaced by *.cld containers - trimmed down MAILTO list of cronjob to 'root' again; every well configured system has an alias for this recipient -------------------------------------------------------------------------------- References: [ 1 ] Bug #442360 - CVE-2008-1100 clamav: Upack Processing Buffer Overflow Vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=442360 [ 2 ] Bug #442744 - CVE-2008-1836 clamav: DoS via not null terminated string in rfc2231 https://bugzilla.redhat.com/show_bug.cgi?id=442744 [ 3 ] Bug #442525 - CVE-2008-1387 clamav: Endless loop / hang with crafted arj https://bugzilla.redhat.com/show_bug.cgi?id=442525 [ 4 ] Bug #442740 - CVE-2008-0314 clamav: PeSpin Heap Overflow Vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=442740 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update clamav' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)