[SECURITY] Fedora 9 Update: clamav-0.93-1.fc9

updates at fedoraproject.org updates at fedoraproject.org
Wed May 14 22:09:25 UTC 2008 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-3900
2008-05-14 20:59:32
--------------------------------------------------------------------------------

Name        : clamav
Product     : Fedora 9
Version     : 0.93
Release     : 1.fc9
URL         : http://www.clamav.net
Summary     : End-user tools for the Clam Antivirus scanner
Description :
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this
software is the integration with mail servers (attachment scanning). The
package provides a flexible and scalable multi-threaded daemon, a command
line scanner, and a tool for automatic updating via Internet. The programs
are based on a shared library distributed with the Clam AntiVirus package,
which you can use with your own software. The virus database is based on
the virus database from OpenAntiVirus, but contains additional signatures
(including signatures for popular polymorphic viruses, too) and is KEPT UP
TO DATE.

--------------------------------------------------------------------------------
Update Information:

Security update - upgrade to upstream version 0.93:  CVE-2008-1100 (#442360):
Upack Processing Buffer Overflow Vulnerability  CVE-2008-1387 (#442525): Endless
loop / hang with crafted arj  CVE-2008-0314 (#442740): PeSpin Heap Overflow
Vulnerability  CVE-2008-1836 (#442744): DoS via not null terminated string in
rfc2231.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 14 2008 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.93-1
- updated to final 0.93
- removed daily.inc + main.inc directories; they are now replaced by
  *.cld containers
- trimmed down MAILTO list of cronjob to 'root' again; every well
  configured system has an alias for this recipient
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #442360 - CVE-2008-1100 clamav: Upack Processing Buffer Overflow Vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=442360
  [ 2 ] Bug #442744 - CVE-2008-1836 clamav: DoS via not null terminated string in rfc2231
        https://bugzilla.redhat.com/show_bug.cgi?id=442744
  [ 3 ] Bug #442525 - CVE-2008-1387 clamav: Endless loop / hang with crafted arj
        https://bugzilla.redhat.com/show_bug.cgi?id=442525
  [ 4 ] Bug #442740 - CVE-2008-0314 clamav: PeSpin Heap Overflow Vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=442740
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update clamav' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the Fedora-package-announce mailing list