control: fixed -1 0.99.3~beta2+dfsg-1

On 2018-01-26 09:35:25 [+0000], Rob N wrote:
> Package: clamav
> Version: 0.99.2+dfsg-0+deb8u2
> Severity: important
>
> 0.99.3 has been released, see
> http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html.
>
> This fixed a number of overflow bugs, each of which has assigned CVE numbers
> due to the potential for denial of service.
>
> We've started seeing unexpected clamd crashes on a high-traffic mail
> system today, though I've been unable to isolate a test case. It seems like
> too much of a coincidence that these crashes start happening the day after a
> security release was announced. We've implemented mitigations but an updated
> package would be even better.

I *think* the crashes you observed might be due to FD desc issue. This was
fixed in Stretch by chance but not in Jessie. However the remaining CVEs were
not addressed yet and I'm looking into it…

[0] http://blog.clamav.net/2018/01/update-on-recent-file-descriptors-issue.html

> Cheers!
> Rob N.

Sebastian