Several remote vulnerabilities have been discovered in the Clam anti-virus
toolkit. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2007-1745
It was discovered that a file descriptor leak in the CHM handler may lead to
denial of service.
CVE-2007-1997
It was discovered that a buffer overflow in the CAB handler may lead to the
execution of arbitrary code.
CVE-2007-2029
It was discovered that a file descriptor leak in the PDF handler may lead to
denial of service.
For the testing distribution (lenny) this is fixed in version 0.90.1-3lenny2
For the unstable distribution (sid) this is fixed in version 0.90.2-1
This upgrade is recommended if you use clamav.
If you have the secure testing lines in your sources.list, you can update by running this command as root:
apt-get update && apt-get upgrade
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free