Several vulnerabilities have been discovered in the ClamAV anti-virus toolkit: CVE-2008-6680 Attackers can cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error. CVE-2009-1270 Attackers can cause a denial of service (infinite loop) via a crafted tar file that causes (1) clamd and (2) clamscan to hang. (no CVE Id yet) Attackers can cause a denial of service (crash) via a crafted EXE file that crashes the UPack unpacker. For the old stable distribution (etch), these problems have been fixed in version 0.90.1dfsg-4etch19. For the stable distribution (lenny), these problems have been fixed in version 0.94.dfsg.2-1lenny2. For the unstable distribution (sid), these problems have been fixed in version 0.95.1+dfsg-1. We recommend that you upgrade your clamav packages.
Several vulnerabilities have been discovered in the ClamAV anti-virus toolkit:
Attackers can cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error.
Attackers can cause a denial of service (infinite loop) via a crafted tar file that causes (1) clamd and (2) clamscan to hang.
(no CVE Id yet)
Attackers can cause a denial of service (crash) via a crafted EXE file that crashes the UPack unpacker.
For the old stable distribution (etch), these problems have been fixed in version 0.90.1dfsg-4etch49.
For the stable distribution (lenny), these problems have been fixed in version 0.94.dfsg.2-1lenny2.
For the unstable distribution (sid), these problems have been fixed in version 0.95.1+dfsg-1.
We recommend that you upgrade your clamav packages.
MD5 checksums of the listed files are available in the original advisory.