OSV:DSA-1320-1: clamav
Source: Google OSV (osv.dev)
Published: Jun 23, 2007
EPSS: 0.531 Medium (percentile 97.6%)

Several remote vulnerabilities have been discovered in the Clam anti-virus
toolkit. The Common Vulnerabilities and Exposures project identifies the
following problems:

  • CVE-2007-2650
    It was discovered that the OLE2 parser can be tricked into an infinite
    loop and memory exhaustion.
  • CVE-2007-3023
    It was discovered that the NsPack decompression code performed
    insufficient sanitising on an internal length variable, resulting in
    a potential buffer overflow.
  • CVE-2007-3024
    It was discovered that temporary files were created with insecure
    permissions, resulting in information disclosure.
  • CVE-2007-3122
    It was discovered that the decompression code for RAR archives allows
    bypassing a scan of a RAR archive due to insufficient validity checks.
  • CVE-2007-3123
    It was discovered that the decompression code for RAR archives performs
    insufficient validation of header values, resulting in a buffer overflow.

For the oldstable distribution (sarge) these problems have been fixed in
version 0.84-2.sarge.17. Please note that the fix for CVE-2007-3024 hasn’t
been backported to oldstable.

For the stable distribution (etch) these problems have been fixed
in version 0.90.1-3etch1.

For the unstable distribution (sid) these problems have been fixed in
version 0.90.2-1.

We recommend that you upgrade your clamav packages. An updated package
for oldstable/powerpc is not yet available. It will be provided later.