X-Spam-Check-By: sourceware.org
Message-Id: <announce.440984AE.5030607@x-ray.at>
Date: Sat, 04 Mar 2006 12:14:38 +0000
From: Reini Urban <rurban AT x-ray DOT at>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-AT; rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: [ANNOUNCEMENT] Security update: clamav-0.88-1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Reply-To: cygwin AT cygwin DOT com
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV)
before 0.88 allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via crafted UPX files.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0162

Solution: Update to 0.88-1

About:
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of
this software is the integration with mail servers (attachment
scanning). The package provides a flexible and scalable multi-threaded
daemon, a commandline scanner, and a tool for automatic updating via
Internet. The programs are based on a shared library distributed with
the Clam AntiVirus package, which you can use in your own software.

Changes:
 Security fixes
 See http://www.clamav.net/doc/0.88/ChangeLog

See http://freshmeat.net/projects/clamav/

I've encountered libtool problems with detecting import libs, so this
release deletes /usr/bin/cygclamav-1.dll and uses statically linked
exe's. I hope to get these problems fixed for the next release.

========================================================================

To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page.  This downloads setup.exe to your
system.  Then, run setup and answer all of the questions.

               *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-you=yourdomain DOT com AT cygwin DOT com

If you need more information on unsubscribing, start reading here:

http://sources.redhat.com/lists.html#unsubscribe-simple

Please read *all* of the information on unsubscribing that is available
starting at this URL.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/