=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2006/VULN151
_____________________________________________________________________

DATE                      : 06/04/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running ClamAV prior to 0.88.1.

======================================================================

Dear ClamAV users,

this version fixes a number of minor bugs and provides code updates
to improve virus detection.

Here is the full ChangeLog:

Tue Apr 4 12:04:07 CEST 2006
-----------------------------

   V 0.88.1
   * Bugfixes:
     - libclamav/matcher.c: properly handle partial reads in cli_scandesc()
     - libclamav/mbox.c: sync with CVS, fixes detection of Worm.Bagle.CT
     - freshclam: fix support for LocalIPAddress
       Patch by Anton Yuzhaninov <citrin*citrin.ru>
     - docs/man: multiple manpage typo fixes
       Patch by A. Costa <agcosta*gis.net>)
     - shared/output.c: properly handle return value of vsnprintf
       Thanks to Anton Yuzhaninov <citrin*rambler-co.ru>
     - libclamav/htmlnorm.c: fix typo spotted by Gianluigi Tiesi
       <sherpya*netfarm.it>
     - sigtool/sigtool.c: fix possible crash in build(), thanks to Sven
     - clamd/session.c: remove static timeout (5s) for SESSION
       Pointed out by Joseph Benden <joe*thrallingpenguin.com>
     - libclamav/pe.c: fix possible integer overflow reported by Damian Put
       Note: only exploitable if file size limit (ArchiveMaxFileSize) disabled
     - libclamav/scanners.c: properly report archive unpacking errors
       Problem spotted by David F. Skoll <dfs*roaringpenguin.com>
     - libclamav/others.c: fix possible crash in cli_bitset_test()
       Reported by David Luyer <david_luyer*pacific.net.au>
     - libclamav/zziplib: fix possible crash on FreeBSD
       Reported by Robert Rebbun <robert*desertsurf.com>
     - clamav-milter: fall back if sendfile() fails



--
The ClamAV team (http://www.clamav.net/team.html)


======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================