SuSE Update for clamav SUSE-SA:2007:017

remote denial of service
Please Install the Updated Packages.
The anti-virus scan engine ClamAV was updated to the version 0.90 to fix various bugs including 2 security bugs: CVE-2007-0897: A file descriptor leak in the handling of CAB files can lead to a denial of service attack against the clamd scanner daemon caused by remote attackers. CVE-2007-0898: A directory traversal in handling of MIME E-Mail headers could be used by remote attackers to overwrite local files owned by the user under which clamd is running. Since clamd is running as &quot vscan&quot user on SUSE, it would only be able to overwrite files owned by &quot vscan&quot .
clamav on SUSE LINUX 10.1, openSUSE 10.2, SUSE SLES 9, Open Enterprise Server, Novell Linux POS 9, SUSE SLES 10