This is the mail archive of the
mailing list for the Cygwin project.
[ANNOUNCEMENT] Security update: clamav-0.88-1
- From: Reini Urban <rurban at x-ray dot at>
- To: cygwin at cygwin dot com
- Date: Sat, 04 Mar 2006 12:14:38 +0000
- Subject: [ANNOUNCEMENT] Security update: clamav-0.88-1
- Reply-to: cygwin at cygwin dot com
Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV)
before 0.88 allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via crafted UPX files.
Solution: Update to 0.88-1
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of
this software is the integration with mail servers (attachment
scanning). The package provides a flexible and scalable multi-threaded
daemon, a commandline scanner, and a tool for automatic updating via
Internet. The programs are based on a shared library distributed with
the Clam AntiVirus package, which you can use in your own software.
I've encountered libtool problems with detecting import libs, so this
release deletes /usr/bin/cygclamav-1.dll and uses statically linked
exe's. I hope to get these problems fixed for the next release.
To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page. This downloads setup.exe to your
system. Then, run setup and answer all of the questions.
*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:
If you need more information on unsubscribing, start reading here:
Please read *all* of the information on unsubscribing that is available
starting at this URL.
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html