The following two security updates have been released for Debian 6 LTS:
[DLA 95-1] clamav security update
[DLA 98-1] openvpn security update
[DLA 95-1] clamav security update
Package : clamav
Version : 0.98.1+dfsg-1+deb6u4
CVE ID : CVE-2014-9050 CVE-2013-6497
Debian Bug : #770985
Two bugs were discovered in clamav and are fixed by this release.
One issue is in clamscan, the command line anti-virus scanner included
in the package, which could lead to crashes when scanning certain files
(CVE-2013-6497).
The second issue is in libclamav which caused a heap buffer overflow
when scanning a specially crafted y0da Crypter obfuscated PE file
(CVE-2014-9050). Note that this is remotely exploitable when ClamAV is
used as a mail gateway scanner.
If you use clamav, we highly recommend that you upgrade to this version.
[DLA 98-1] openvpn security update
Package : openvpn
Version : 2.1.3-2+squeeze3
CVE ID : CVE-2014-8104
Dragana Damjanovic discovered that an authenticated client could crash
an OpenVPN server by sending a control packet containing less than
four bytes as payload.
For the oldstable distribution (squeeze), this problem has been fixed in
version 2.1.3-2+squeeze3 in squeeze-lts.
We recommend that you upgrade your openvpn packages.