
The following two security updates have been released for Debian 6 LTS:

[DLA 95-1] clamav security update
[DLA 98-1] openvpn security update



[DLA 95-1] clamav security update

Package : clamav
Version : 0.98.1+dfsg-1+deb6u4
CVE ID : CVE-2014-9050 CVE-2013-6497
Debian Bug : #770985

Two bugs were discovered in clamav and are fixed by this release.

One issue is in clamscan, the command line anti-virus scanner included
in the package, which could lead to crashes when scanning certain files
(CVE-2013-6497).
The second issue is in libclamav which caused a heap buffer overflow
when scanning a specially crafted y0da Crypter obfuscated PE file
(CVE-2014-9050). Note that this is remotely exploitable when ClamAV is
used as a mail gateway scanner.

If you use clamav, we highly recommend that you upgrade to this version.

[DLA 98-1] openvpn security update

Package : openvpn
Version : 2.1.3-2+squeeze3
CVE ID : CVE-2014-8104

Dragana Damjanovic discovered that an authenticated client could crash
an OpenVPN server by sending a control packet containing less than
four bytes as payload.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.1.3-2+squeeze3 in squeeze-lts.

We recommend that you upgrade your openvpn packages.