Hi list, For our own common interest:
http://www.securityfocus.com/bid/32207/discuss ClamAV is prone to an off-by-one heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Versions prior to ClamAV 0.94.1 are vulnerable. Current clamav-toaster is 0.94, so, there's a chance we are affected by this issue. May be it's time to let clamav package be updated via OS updates? Best regards, --- David Sanchez Martin Administrador de Sistemas [EMAIL PROTECTED] GPG Key ID: 0x37E7AC1F E2000 Nuevas Tecnologías Tel : +34 902 830500
smime.p7s
Description: S/MIME cryptographic signature
