Debian testing security team

	Debian testing security team - Advisory
	Debian testing security team - Advisory

DTSA-19-1

Date Reported:: September 22nd, 2005
Affected Package:: clamav
Vulnerability:: buffer overflow and infinate loop problems
Problem-Scope:: remote
Debian-specific:: No
CVE:: CVE-2005-2919 CVE-2005-2920
More information:: Multiple security holes were found in clamav:

CVE-2005-2919

A possible infinate loop has been discovered in libclamav/fsg.c

CVE-2005-2920

A possible buffer overflow has been found in libclamav/upx.c

Thanks to Stephen Granan for the updated packages
For the testing distribution (etch) this is fixed in version 0.86.2-4etch2
For the unstable distribution (sid) this is fixed in version 0.87-1
This upgrade is recommended if you use clamav.

If you have the secure testing lines in your sources.list, you can update by running this command as root:: apt-get update && apt-get upgrade
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
: deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch/security-updates main contrib non-free; deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch/security-updates main contrib non-free
The archive signing key can be downloaded from
: http://secure-testing.debian.net/ziyi-2005-7.asc