[SECURITY] [DLA 1105-1] clamav security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : clamav
Version : 0.99.2+dfsg-0+deb7u3
CVE ID : CVE-2017-6418 CVE-2017-6420
clamav is vulnerable to multiple issues that can lead
to denial of service when processing untrusted content.
CVE-2017-6418
out-of-bounds read in libclamav/message.c, allowing remote attackers
to cause a denial of service via a crafted e-mail message.
CVE-2017-6420
use-after-free in the wwunpack function (libclamav/wwunpack.c), allowing
remote attackers to cause a denial of service via a crafted PE file with
WWPack compression.
For Debian 7 "Wheezy", these problems have been fixed in version
0.99.2+dfsg-0+deb7u3.
We recommend that you upgrade your clamav packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEE5LpPtQuYJzvmooL3LVy48vb3khkFAlnFdpEACgkQLVy48vb3
khkktggAj2ypS5W9mbo6JY/DPUrH7vFRillZKHifwWnbqZ6NdSLo94chCasrSGeQ
uT4JBLouAeTxFMSEwMWa66KKgrpO951NU4LycZlGdZUDJ+gEI2pwVEEk3BpQRcip
UzhhUyk6KxK/0xaddVnW3qm+UDUn2MkAO160m/qcQnTFbBWWpGhkCn/WdPLsywn2
ovpQrR+w+gBtqXC9w8pzYPYuNVOEIy9TB13aZQgG9tX2X/TRnhpv5LgftIYS+bzp
45LcsUcrcotA3gafhLMJ01P0uaXjrczglxMmhm9fq+oqeVIXQIqVfyW0KMBLuxun
x4+wKbBS8k5PEm1rSNYMPXH9p0e8Sg==
=j3iE
-----END PGP SIGNATURE-----
Reply to: