Philipp Kern | 2 Apr 12:54

[VUA 2-2] Discontinuation of clamav-data

---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 2-2      http://volatile.debian.org
debian-volatile <at> lists.debian.org                               Philipp Kern
Apr  2, 2009
---------------------------------------------------------------------------

Package              : clamav-data

Since July 2005 volatile contained current ClamAV Virus Databases through
the clamav-data package.  Those were autobuilt and uploaded several times
a day and intended for computers which cannot access the internet through
HTTP but only a local package mirror.

This service will be discontinued in about a month when volatile moves
to Debian's FTP master server and the official mirror network.  Users of
the package are advised to set up a local HTTP mirror which can then be
used with freshclam.

A suggestion about how to set up such a mirror can be found in the ClamAV
developers' Frequently Asked Questions:

  http://www.clamav.net/support/faq/

Furthermore kudos go to Marc 'Zugschlus' Haber who maintained this service
for almost four years.

About Debian Volatile
---------------------

For further information about debian-volatile, please refer to

Martin Zobel-Helas | 14 Apr 17:43

[VUA 54-1] Updated clamav package fixes security flaw

---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 54-1     http://volatile.debian.org
debian-volatile <at> lists.debian.org                         Michael Tautschnig
April 14, 2009
---------------------------------------------------------------------------

Package              : clamav
Version              : 0.94.dfsg.2-1~volatile3
Importance           : high
CVE IDs              : CVE-2008-6680, CVE-2009-1270 and unknown

The following security flaws were found and fixed in the ClamAV 
anti-virus toolkit:

CVE-2008-6680

    libclamav/pe.c in ClamAV before 0.95 allows remote attackers to 
    cause a denial of service (crash) via a crafted EXE file that 
    triggers a divide-by-zero error.

CVE-2009-1270

    libclamav/untar.c in ClamAV before 0.95 allows remote attackers 
    to cause a denial of service (infinite loop) via a crafted file 
    that causes (1) clamd and (2) clamscan to hang.

no CVE yet

    libclamav/other.h in ClamAV before 0.95.1 allows remote attackers 
    to cause a denial of service (crash) via crafted EXE files packed 
    using UPack.

Philipp Kern | 29 Apr 10:21

[VUA 55-1] Updated clamav version

---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 55-1     http://volatile.debian.org
debian-volatile <at> lists.debian.org                               Stephen Gran
Apr 29, 2009
---------------------------------------------------------------------------

Package              : clamav
Version              : 0.95.1+dfsg-0volatile2 (Etch),
                       0.95.1+dfsg-1volatile2 (Lenny)
Importance           : medium
CVE IDs              : CVE-2008-6680, CVE-2009-1270

Upstream published version 0.95.1.

Though the changes are not strictly required for operation, users of the
previous version in volatile might get warnings.

The new version contains these enhancements:

    - Google Safe Browsing support: in addition to the heuristic and signature
      based phishing detection mechanisms already available in ClamAV, the
      scanner can now make use of Google's blacklists of suspected
      phishing and malware sites. The ClamAV Project distributes a constantly
      updated Safe Browsing database, which can be automatically fetched by
      freshclam. For more information, please see freshclam.conf(5) and
      http://safebrowsing.clamav.net.

    - New clamav-milter: The program has been redesigned and rewritten from
      scratch. The most notable difference is that the internal mode has been
      dropped which means that now a working clamd companion is required.