9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.162 Low
EPSS
Percentile
95.5%
Sebastian Harl uploaded new packages for clamav which fixed the
following security problems:
CVE-2008-5050, Debian BTS #505134
Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers
from an off-by-one-error in its VBA project file processing, leading
to a heap-based buffer overflow and potentially arbitrary code
execution.
CVE-2008-5314, Debian BTS #507624
Ilja van Sprundel discovered that ClamAV contains a denial of service
condition in its JPEG file processing because it does not limit the
recursion depth when processing JPEG thumbnails.
For the etch-backports distribution the problems have been fixed in
version 0.94.dfsg.2-1~bpo40+1.
For the etch-volatile distribution the problems have been fixed in
versions 0.94.dfsg.1-1~volatile1 and 0.94.dfsg.2-1~volatile1.
For the stable distribution (etch), these problems have been fixed in
version 0.90.1dfsg-4etch16
For the testing and unstable distributions (lenny and sid) the problems
have been fixed in versions 0.94.dfsg.1-1 and 0.94.dfsg.2-1.
If you don't use pinning (see [1]) you have to update the package manually via
"apt-get -t etch-backports install <packagelist>" with the packagelist of your
installed packages affected by this update.
[1] http://backports.org/dokuwiki/doku.php?id=instructions
We recommend to pin the backports repository to 200 so that new versions of
installed backports will be installed automatically.
Package: *
Pin: release a=etch-backports
Pin-Priority: 200
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 4 | all | clamav-docs | < 0.90.1dfsg-4etch16 | clamav-docs_0.90.1dfsg-4etch16_all.deb |
Debian | 4 | all | libclamav2 | < 0.90.1dfsg-4etch16 | libclamav2_0.90.1dfsg-4etch16_all.deb |
Debian | 4 | all | clamav-dbg | < 0.90.1dfsg-4etch16 | clamav-dbg_0.90.1dfsg-4etch16_all.deb |
Debian | 4 | all | clamav-daemon | < 0.90.1dfsg-4etch16 | clamav-daemon_0.90.1dfsg-4etch16_all.deb |
Debian | 4 | all | clamav-freshclam | < 0.90.1dfsg-4etch16 | clamav-freshclam_0.90.1dfsg-4etch16_all.deb |
Debian | 4 | all | clamav-milter | < 0.90.1dfsg-4etch16 | clamav-milter_0.90.1dfsg-4etch16_all.deb |
Debian | 4 | all | clamav | < 0.90.1dfsg-4etch16 | clamav_0.90.1dfsg-4etch16_all.deb |
Debian | 4 | all | clamav-base | < 0.90.1dfsg-4etch16 | clamav-base_0.90.1dfsg-4etch16_all.deb |
Debian | 4 | all | clamav-testfiles | < 0.90.1dfsg-4etch16 | clamav-testfiles_0.90.1dfsg-4etch16_all.deb |
Debian | 4 | all | libclamav-dev | < 0.90.1dfsg-4etch16 | libclamav-dev_0.90.1dfsg-4etch16_all.deb |