[Pkg-clamav-devel] Bug#888484: clamav: Security release 0.99.3 available
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Sat Jan 27 00:08:39 UTC 2018
control: fixed -1 0.99.3~beta2+dfsg-1
On 2018-01-26 09:35:25 [+0000], Rob N wrote:
> Package: clamav
> Version: 0.99.2+dfsg-0+deb8u2
> Severity: important
>
> 0.99.3 has been released, see http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html.
>
> This fixed a number of overflow bugs, each of which has been assigned CVE numbers
> due to the potential for denial of service.
>
> We've started seeing unexpected clamd crashes on a high-traffic mail
> system today, though I've been unable to isolate a test case. It seems like
> too much of a coincidence that these crashes start happening the day after a
> security release was announced. We've implemented mitigations but an updated
> package would be even better.
I *think* the crashes you observed might be due to FD desc issue. This
was fixed in Stretch by chance but not in Jessie. However the remaining
CVEs were not addressed yet and I'm looking into it…
[0] http://blog.clamav.net/2018/01/update-on-recent-file-descriptors-issue.html
> Cheers!
> Rob N.
Sebastian