[SECURITY] [DLA 3328-1] clamav security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3328-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
February 20, 2023 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : clamav
Version : 0.103.8+dfsg-0+deb10u1
CVE ID : CVE-2023-20032 CVE-2023-20052
Two vulnerabilities have been found in the ClamAV antivirus toolkit,
which could result in arbitrary code execution or information disclosure
when parsing maliciously crafted HFS+ or DMG files.
For Debian 10 buster, these problems have been fixed in version
0.103.8+dfsg-0+deb10u1.
We recommend that you upgrade your clamav packages.
For the detailed security status of clamav please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/clamav
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmPzszoACgkQnUbEiOQ2
gwJP0A//bZ6bSegTVHGqOFxYV8ORQZp+tYhhceRwj9BV5z6gZWinD4P54uQ2v4U7
WmPpxo0wVfXt+7i/UH8Hf1AWw0wEnAzI+mnw/bjvk2n2Q3xayCjW+ab2x1Omk8+w
W14TX7kdvBwz2bzkoq8t2IeG11++wrSpgFy6/SkYJZnRrlsVtzBXTpQyK22PbecE
LPcB+F0EznnwDeAzFbcykkx1xw+0RBM3OrFVn6lBS9nqXZ/vI+xbrXPshjnaNwBW
EQ3aHRbw7diE7IHh+FvfNMDoZgVb39AfDac+paGlLuoctQmaiE5gTfWGCWA89Rza
VJzjHvicm439cGi5RsM6M7jRTu/RGo+7C1/QgUmWCI5y4H2jDBPSFBhooWcc27/T
XNNACwBZjaQNu5EOZ1B+oka6eIMNf4lpaOHio9kxjy6WOU2GMA/nnRtA9utbrbKT
F6IPhUrTcs9uBOkjgunGvxuKQO56x2ZCUvxI9GxzICvIiKIscyLc8aRTDU4YooAE
ea3L/qQQrH6AdwlS/622bRIn/xJfULz4Jirmn7YNuY+/j2czhIHwoB6AJJhfDENn
sIffGwNw6ExjRKfhAmz+u/mQuLd93oRl+lgcsST7Uisg2eNR3t1uaXZxAcc1mt0G
i7+5G4sTS8YUOnyB3REyc5zaVwNS6l5Nuc3f6wHp8a9FMt0pxRo=
=cfUo
-----END PGP SIGNATURE-----
Reply to: