Security update: clamav-0.88-1

Security update: clamav-0.88-1

[Reini Urban]

Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV)
before 0.88 allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via crafted UPX files.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0162

Solution: Update to 0.88-1

About:
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of
this software is the integration with mail servers (attachment
scanning). The package provides a flexible and scalable multi-threaded
daemon, a commandline scanner, and a tool for automatic updating via
Internet. The programs are based on a shared library distributed with
the Clam AntiVirus package, which you can use in your own software.

Changes:
 Security fixes
 See http://www.clamav.net/doc/0.88/ChangeLog

See http://freshmeat.net/projects/clamav/

I've encountered libtool problems with detecting import libs, so this
release deletes /usr/bin/cygclamav-1.dll and uses statically linked
exe's. I hope to get these problems fixed for the next release.

========================================================================

To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page.  This downloads setup.exe to your
system.  Then, run setup and answer all of the questions.

               *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-you=yourdomain.com@cygwin.com

If you need more information on unsubscribing, start reading here:

http://sources.redhat.com/lists.html#unsubscribe-simple

Please read *all* of the information on unsubscribing that is available
starting at this URL.