Debian Security Advisory DSA 1320-1 (clamav)

The remote host is missing an update to clamav announced via advisory DSA 1320-1.

Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-2650 It was discovered that the OLE2 parser can be tricked into an infinite loop and memory exhaustion. CVE-2007-3023 It was discovered that the NsPack decompression code performed insufficient sanitising on an internal length variable, resulting in a potential buffer overflow. CVE-2007-3024 It was discovered that temporary files were created with insecure permissions, resulting in information disclosure. CVE-2007-3122 It was discovered that the decompression code for RAR archives allows bypassing a scan of a RAR archive due to insufficient validity checks. CVE-2007-3123 It was discovered that the decompression code for RAR archives performs insufficient validation of header values, resulting in a buffer overflow. For the oldstable distribution (sarge) these problems have been fixed in version 0.84-2.sarge.17. Please note that the fix for CVE-2007-3024 hasn't been backported to oldstable. For the stable distribution (etch) these problems have been fixed in version 0.90.1-3etch1. For the unstable distribution (sid) these problems have been fixed in version 0.90.2-1. We recommend that you upgrade your clamav packages. An updated package

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201320-1