[Bug 279536] New: ClamAV 0.90.3
https://bugzilla.novell.com/show_bug.cgi?id=279536 Summary: ClamAV 0.90.3 Product: openSUSE 10.2 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: max@novell.com QAContact: qa@suse.de --- snip --- ClamAV 0.90.3 has been just released. It's available for *private* download at http://www.clamav.net/clamav-0.90.3.tar.gz It's mainly a security bugfix release: - libclamav/unsp.c: fix end of buffer calculation (bb#464, patch from aCaB) - libclamav/others.c: use strict permissions (0600) for temporary files created in cli_gentempstream() (bb#517). Reported by Christoph Probst. - libclamav/unrar/unrar.c: heap corruption causing DoS with corrupted rar archive, better handle truncated files - libclamav/phishcheck.c: isURL() regex execution hangs on Solaris - libclamav/ole2_extract.c: detect block list loop (bb#466), patch from Trog Please upgrade your packages, thanks. Shortly we'll release also 0.91-rc1 which contains major changes in the engine. --- snap --- The security issue has also been published by Heise today: http://www.heise.de/security/news/meldung/90438 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=279536 max@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mhoppe@novell.com ------- Comment #1 from max@novell.com 2007-05-31 09:08 MST ------- Submitted packages to sles8, sles9, 9.3, 10.0, sles10, 10.1, 10.2 and STABLE. The update worked smooth on two mail servers that I am maintaining (8.2 and 10.0). Matthias, you can find mbuild packages for testing on our internal servers under nitsch-max-3 (>= 10.1) and nitsch-max-4 (<= 10.0). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com