Andreas Barth | 8 Aug 16:58

[VUA 19-1] Updated clamav packages fixes security flaw


---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 19-1     http://volatile.debian.net
debian-volatile <at> lists.debian.org                              Andreas Barth
August 8th, 2006
---------------------------------------------------------------------------

Package              : clamav
Version              : 0.88.4-0volatile1
Importance           : high
CVE IDs              : [ not assigned yet ]

The following security flaw was found and fixed in clamav:

[ not assigned yet ]:

    Damian Put has discovered a vulnerability in Clam AntiVirus, which can be
    exploited by malicious people to cause a DoS (Denial of Service) and
    potentially compromise a vulnerable system.

    The vulnerability is caused due to a boundary error in the "pefromupx()"
    function in libclamav/upx.c when unpacking PE executable files compressed
    with UPX. This can be exploited to cause a heap-based buffer overflow via a
    specially crafted UPX compressed file.

    This vulnerability has been published without assigning a CVE ID. We are
    sorry for the inconvenience.

For sarge, an updated clamav package is available in sarge/volatile
as version 0.88.4-0volatile1. We recommend that you update your system.

Andreas Barth | 8 Aug 21:39

[VUA 19-2] Updated clamav packages fixes security flaw


---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 18-2     http://volatile.debian.net
debian-volatile <at> lists.debian.org                              Andreas Barth
August 8th, 2006
---------------------------------------------------------------------------

[ This update just adds the CVE ID CVE-2006-4018. ]

Package              : clamav
Version              : 0.88.4-0volatile1
Importance           : high
CVE IDs              : CVE-2006-4018

The following security flaw was found and fixed in clamav:

CVE-2006-4018:

    Damian Put has discovered a vulnerability in Clam AntiVirus, which can be
    exploited by malicious people to cause a DoS (Denial of Service) and
    potentially compromise a vulnerable system.

    The vulnerability is caused due to a boundary error in the "pefromupx()"
    function in libclamav/upx.c when unpacking PE executable files compressed
    with UPX. This can be exploited to cause a heap-based buffer overflow via a
    specially crafted UPX compressed file.

    This vulnerability has been published without assigning a CVE ID. We are
    sorry for the inconvenience.


Martin Zobel-Helas | 24 Aug 00:04

[VUA 20-1] Updated spamassassin package adds new features and fixes some minor bugs


---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 20-1     http://volatile.debian.net
debian-volatile <at> lists.debian.org                         Martin Zobel-Helas
August 23rd, 2006
---------------------------------------------------------------------------

Package              : spamassassin
Version              : 3.1.4-0volatile1
Importance           : medium
CVE IDs              : n/a

Spam filtering is a fast moving target. For this reason, spamassassin
was updated upstream recently. However, this required a larger amount of
changes than we're usually willing to accept into volatile. Also, some
configuration options have been changed in the past.

For these reasons, this package was accepted into the sloppy section of the
volatile archive, which means: updates are not installed automatically until the
package is pinned up accordingly.

  * Non-Debian specific bug fixes:
    - Deal properly with ports
    - Better handling of quoted text when stripping emails
    - Increased requirements for Archive::Tar and IO::Zlib. Sarge delivers
      them in the right version, so there should be no problem
    - "spamassassin --lint" implies "-x"
    - "spamc -y" prints a blank line on error
    - Add support for Postfix 2.3 auth headers
    - Misspellings and typos