[Technik] [SECURITY] [DSA 1616-2] New clamav packages fix denial of service
Noèl Köthe
noel at debian.org
Wed Jul 30 00:53:40 CEST 2008
Am Samstag, den 26.07.2008, 04:49 +0000 schrieb Devin Carraway:
> Debian Security Advisory DSA-1616-2 security at debian.org
> http://www.debian.org/security/ Devin Carraway
> July 26, 2008 http://www.debian.org/security/faq
>
> Package : clamav
> Vulnerability : denial of service
> Problem type : remote
> Debian-specific: no
> CVE Id(s) : CVE-2008-2713
> Debian Bug : 490925
clamav auf yuma aktualisiert.
> For the stable distribution (etch), this problem has been fixed in
> version 0.90.1dfsg-3.1+etch14. For the unstable distribution (sid),
changelog:
clamav (0.90.1dfsg-3.1+etch14) stable-security; urgency=high
* Non-maintainer upload by the security team
* Reinstate dropped patch for CVE-2008-2713, which was somehow left
out of 0.90.1dfsg-3etch13 (Closes: #492252)
-- Devin Carraway <devin at debian.org> Thu, 24 Jul 2008 10:02:47 -0700
clamav (0.90.1dfsg-3etch13) stable-security; urgency=high
* Non-maintainer upload by the security team
* Backport upstream fix for CVE-2008-2713, addressing a denial of
service vulnerability in the Petite executable unpacker. A
maliciously crafted petite-packed executable could trigger an
out-of-bound memory read, resulting in a crash. Thanks to Stephen
Gran for his help identifying the problem.
-- Devin Carraway <devin at debian.org> Sat, 19 Jul 2008 06:26:52 +0000
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20080730/55dec8d1/attachment.pgp
More information about the Technik
mailing list