[VUA 25-1] Updated clamav package fixes security flaw


---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 25-1     http://volatile.debian.net
debian-volatile <at> lists.debian.org                 Felipe Augusto van de Wiel
February 16th, 2007.
---------------------------------------------------------------------------

Package              : clamav
Version              : 0.88.7-0volatile2
Importance           : high
CVE IDs              : CVE-2007-0897
                       CVE-2007-0898
                       CVE-2007-0899

The following security flaws were found and fixed in clamav:

CVE-2007-0897: CAB File Denial of Service Vulnerability
CVE-2007-0898: MIME Parsing Directory Traversal Vulnerability
CVE-2007-0899: Possible heap overflow in libclamav/fsg.c

For sarge, an updated clamav package is available in sarge/volatile
as version 0.88.7-0volatile2. We recommend that you update your system.

It is important to note that this is _NOT_ the new clamav upstream version
0.90, but for now only a security fix of 0.88.7-0volatile1.

This advisory was sent out without builds for m68k, mipsel and s390
architectures being available. They will be released as soon as they are
available.

[VUA 26-1] Updated spamassassin packages fixes denial of service


---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 26-1     http://volatile.debian.net
debian-volatile <at> lists.debian.org                 Felipe Augusto van de Wiel
February 21st, 2007                                  and Martin Zobel-Helas
---------------------------------------------------------------------------

Package              : spamassassin
Version              : 3.1.4-0volatile2
Importance           : high
CVE IDs              : CVE-2007-0451

A remotely exploitable vulnerability has been found in SpamAssassin, which
could cause a denial of service when handling messages containing
overly long URLs.

For sarge, an updated spamassassin package is available in
sarge/volatile-sloppy as version 3.1.4-0volatile2.

This advisory was sent out without builds for mips and mipsel architectures
being available. They will be released as soon as they are available.

Upgrade Instructions
--------------------

You can get the updated packages at

http://volatile.debian.net/debian-volatile/pool/volatile/main/s/spamassassin/

and install them with dpkg, or add

