Bug 461845
Summary: | Clamav out dated | | |
---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Darrick Hartman <dhartman> |
Component: | clamav | Assignee: | Steven Pritchard <steve> |
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | urgent | Docs Contact: | |
Priority: | medium | | |
Version: | el5 | CC: | bojan, fschwarz, lukasz, mastahnke, t.chrzczonowicz, tremble, urkle, yersinia.spiros |
Target Milestone: | --- | | |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | UpdatePackage | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | | |
: | 522157 | Environment: | |
Last Closed: | 2010-09-15 07:45:50 UTC | Type: | --- |
Description
Darrick Hartman
2008-09-10 21:40:09 UTC
Probably SELinux targeted policy, and SELinux memory check, mitigate this, but it is necessary to upgrade anyway.

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
clamav    < 0.95.2    >= 0.95.2

Description
===========

Multiple vulnerabilities have been found in ClamAV:

* The vendor reported a Divide-by-zero error in the PE ("Portable Executable"; Windows .exe) file handling of ClamAV (CVE-2008-6680).
* Jeffrey Thomas Peckham found a flaw in libclamav/untar.c, possibly resulting in an infinite loop when processing TAR archives in clamd and clamscan (CVE-2009-1270).
* Martin Olsen reported a vulnerability in the CLI_ISCONTAINED macro in libclamav/others.h, when processing UPack archives (CVE-2009-1371).
* Nigel disclosed a stack-based buffer overflow in the "cli_url_canon()" function in libclamav/phishcheck.c when processing URLs (CVE-2009-1372).

Impact
======

A remote attacker could entice a user or automated system to process a specially crafted UPack archive or a file containing a specially crafted URL, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Furthermore, a remote attacker could cause a Denial of Service by supplying a specially crafted TAR archive or PE executable to a Clam AntiVirus instance.

superseded by #532695??

```
oceanic:/etc# freshclam
ClamAV update process started at Fri Apr 16 10:27:29 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.3 Recommended version: 0.96
DON'T PANIC! Read http://www.clamav.net/support/faq
Connecting via w3cache.wsisiz.edu.pl
Downloading main-52.cdiff [100%]
main.cld updated (version: 52, sigs: 704727, f-level: 44, builder: sven)
Connecting via w3cache.wsisiz.edu.pl
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 213.135.44.126)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 213.135.44.126)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 213.135.44.126)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 213.135.44.126)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 213.135.44.126)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 10751, sigs: 52057, f-level: 51, builder: guitar)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 44, recommended = 51
DON'T PANIC! Read http://www.clamav.net/support/faq
Database updated (756784 signatures) from database.clamav.net
```

*** This bug has been marked as a duplicate of bug 579370 ***
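The freshclam warnings quoted in this bug can be turned into a monitoring check that flags an engine lagging behind its signature databases. This is an added example, not part of the original bug report; the helper name `audit_freshclam` and the sample text (constructed to match the output format quoted above, with a placeholder IP) are assumptions.

```python
import re

# Constructed sample, modelled on the freshclam output quoted in this bug
# (the IP address is a documentation placeholder).
SAMPLE = """\
ClamAV update process started at Fri Apr 16 10:27:29 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.3 Recommended version: 0.96
main.cld updated (version: 52, sigs: 704727, f-level: 44, builder: sven)
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 192.0.2.10)
WARNING: Incremental update failed, trying to download daily.cvd
daily.cvd updated (version: 10751, sigs: 52057, f-level: 51, builder: guitar)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 44, recommended = 51
Database updated (756784 signatures) from database.clamav.net
"""

ENGINE_RE = re.compile(r"Local version: (\S+) Recommended version: (\S+)")
FLEVEL_RE = re.compile(r"Current functionality level = (\d+), recommended = (\d+)")
DB_RE = re.compile(r"^(\S+) updated \(version: (\d+), sigs: (\d+), f-level: (\d+)")


def audit_freshclam(output):
    """Hypothetical helper: summarise engine and database lag from freshclam output."""
    report = {"engine": None, "flevel": None, "db_flevels": {}, "findings": []}
    for line in output.splitlines():
        if m := ENGINE_RE.search(line):
            report["engine"] = (m[1], m[2])
            report["findings"].append(f"engine {m[1]} older than recommended {m[2]}")
        elif m := FLEVEL_RE.search(line):
            report["flevel"] = (int(m[1]), int(m[2]))
        elif m := DB_RE.match(line):
            report["db_flevels"][m[1]] = int(m[4])
        elif "Incremental update failed" in line:
            report["findings"].append("incremental (cdiff) update failed, full download used")
    if report["flevel"]:
        current, recommended = report["flevel"]
        # Databases built for a higher functionality level than the engine offers.
        ahead = sorted(db for db, lvl in report["db_flevels"].items() if lvl > current)
        if recommended > current:
            report["findings"].append(
                f"functionality level {current} < {recommended}; "
                f"newer databases: {', '.join(ahead) or 'none'}")
    return report


if __name__ == "__main__":
    for finding in audit_freshclam(SAMPLE)["findings"]:
        print("ALERT:", finding)
```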