Debian testing security team - Advisory
DTSA-19-1
Date Reported:
September 22nd, 2005
Affected Package:
clamav
Vulnerability:
buffer overflow and infinate loop problems
Problem-Scope:
remote
Debian-specific:
No
CVE:
CVE-2005-2919
CVE-2005-2920
More information:
Multiple security holes were found in clamav:
CVE-2005-2919
A possible infinate loop has been discovered in libclamav/fsg.c
CVE-2005-2920
A possible buffer overflow has been found in libclamav/upx.c
Thanks to Stephen Granan
for the updated packages
For the testing distribution (etch) this is fixed in version 0.86.2-4etch2
For the unstable distribution (sid) this is fixed in version 0.87-1
This upgrade is recommended if you use clamav.
If you have the secure testing lines in your sources.list, you can update by running this command as root:
apt-get update && apt-get upgrade
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch/security-updates main contrib non-free
deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch/security-updates main contrib non-free
The archive signing key can be downloaded from
http://secure-testing.debian.net/ziyi-2005-7.asc