https://bugzilla.novell.com/show_bug.cgi?id=279536 Summary: ClamAV 0.90.3 Product: openSUSE 10.2 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: max@novell.com QAContact: qa@suse.de --- snip --- ClamAV 0.90.3 has been just released. It's available for *private* download at http://www.clamav.net/clamav-0.90.3.tar.gz It's mainly a security bugfix release: - libclamav/unsp.c: fix end of buffer calculation (bb#464, patch from aCaB) - libclamav/others.c: use strict permissions (0600) for temporary files created in cli_gentempstream() (bb#517). Reported by Christoph Probst. - libclamav/unrar/unrar.c: heap corruption causing DoS with corrupted rar archive, better handle truncated files - libclamav/phishcheck.c: isURL() regex execution hangs on Solaris - libclamav/ole2_extract.c: detect block list loop (bb#466), patch from Trog Please upgrade your packages, thanks. Shortly we'll release also 0.91-rc1 which contains major changes in the engine. --- snap --- The security issue has also been published by Heise today: http://www.heise.de/security/news/meldung/90438 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.