[Linux-bruxelles] [Fwd: [Fwd: [rps] ClamAV Multiple Vulnerabilities - Highly critical - Update to version 0.93.]] : aptitude dist-upgrade (Volatile) ?

Didier Misson didier.linux at gmail.com
Wed 16 Apr 00:11:36 CEST 2008


Good evening,

Upgrading to ClamAV 0.93 is (strongly) recommended

(see the e-mail below)

I have this sources.list on a Debian Etch server at OVH:


deb ftp://mir1.ovh.net/debian/ stable main
deb-src ftp://mir1.ovh.net/debian/ stable main
deb http://security.debian.org/ stable/updates main

# Debian Volatile for antispam and antivirus software

deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free

#
# Debian Backport
#
#deb http://www.backports.org/debian sarge-backports main c




I ran

aptitude update
aptitude dist-upgrade  ...

and nothing new on the ClamAV side ...

I suppose version 0.93 will arrive in the Volatile repository?
(or is it better to hack something together urgently "outside the repository"?)


Thanks





-------- Original Message --------
Subject: [rps] ClamAV Multiple Vulnerabilities - Highly critical - Update
to version 0.93.
Date: Tue, 15 Apr 2008 16:48:56 +0200
From: EUR-LB <eurenet at gmail.com>
Reply-To: rps at ml.ovh.net
To: rps at ml.ovh.net, sd at ml.ovh.net, sd-basic at ml.ovh.net,
sd-pro at ml.ovh.net, sd-start at ml.ovh.net

Time to update

- http://secunia.com/advisories/29000/

Description:
Some vulnerabilities have been reported in ClamAV, which can be
exploited by malicious people to cause a DoS (Denial of Service) or to
compromise a vulnerable system.

1) A boundary error exists within the "cli_scanpe()" function in
libclamav/pe.c. This can be exploited to cause a heap-based buffer
overflow via a specially crafted "Upack" executable.

Successful exploitation allows execution of arbitrary code.

2) A boundary error within the processing of PeSpin packed executables
in libclamav/spin.c can be exploited to cause a heap-based buffer
overflow.

Successful exploitation may allow execution of arbitrary code.

3) An unspecified error in the processing of ARJ files can be
exploited to hang ClamAV.

The vulnerabilities are reported in version 0.92.1. Prior versions may
also be affected.

Solution:
Update to version 0.93.

-- 
----
raKoonsKy, ( Anti Virus, Anti Spam, Anti Phishing, Anti DHA )
- http://rakoonsky.fr/pdf/rakoonsky-khss-email-security.pdf
- http://nanolink.fr/KHSS-Video
-----------------------------------------------------------[eof]------




-- 
Didier

http://www.les-objets-de-maman.be : objects, furniture and painting for sale
http://gallery.les-objets-de-maman.be : the photos of the objects




