[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 824-1] New ClamAV packages fix denial of service



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 824-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 29th, 2005                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : clamav
Vulnerability  : infinite loop, buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2919 CAN-2005-2920
Debian Bug     : 328660

Two vulnerabilities have been discovered in Clam AntiVirus, the
antivirus scanner for Unix, designed for integration with mail servers
to perform attachment scanning.  The following problems were
identified:

CAN-2005-2919

    A potentially infinite loop could lead to a denial of service.

CAN-2005-2920

    A buffer overflow could lead to a denial of service.

The old stable distribution (woody) does not contain ClamAV packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.84-2.sarge.4.

For the unstable distribution (sid) these problems have been fixed in
version 0.87-1.

We recommend that you upgrade your clamav package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4.dsc
      Size/MD5 checksum:      872 1a1aaa3318ae10c6806f582588e307bb
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4.diff.gz
      Size/MD5 checksum:   175215 e44e7c828b916a87c94985cf8eae3d13
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
      Size/MD5 checksum:  4006624 c43213da01d510faf117daa9a4d5326c

  Architecture independent components:

    http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.4_all.deb
      Size/MD5 checksum:   154302 764277db36650876f13658e2e5f0751b
    http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.4_all.deb
      Size/MD5 checksum:   689924 e5aba73a0a6f949f7ddf2e6efa6b0aeb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.4_all.deb
      Size/MD5 checksum:   123298 5792bbcedba7c7b19b118976c23d7dff

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_alpha.deb
      Size/MD5 checksum:    74672 e6725d68591dd710cce840b8020647c9
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_alpha.deb
      Size/MD5 checksum:    48792 ab341735b610360d211d93aae21f8c04
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_alpha.deb
      Size/MD5 checksum:  2176364 57135c04ea09bb8571e1fcb31db492e0
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_alpha.deb
      Size/MD5 checksum:    42112 d9881a7457c16df6c279e3de6715a8c1
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_alpha.deb
      Size/MD5 checksum:   254516 d8dff4ba494bb9dcfa1a2be51c0b3a8c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_alpha.deb
      Size/MD5 checksum:   283868 4cf4e2c9a673c679af6d53cd19fd86e2

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_amd64.deb
      Size/MD5 checksum:    68858 e1cf55557564afe9eb85b8028ed95576
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_amd64.deb
      Size/MD5 checksum:    44188 f043d16b9b1fa8755fb27b97b24bfa6c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_amd64.deb
      Size/MD5 checksum:  2173194 9c1766d7351dea3e1c6529b77c03e3e4
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_amd64.deb
      Size/MD5 checksum:    40006 2407a0b2ca24d6bf745c2bd9c509a7e8
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_amd64.deb
      Size/MD5 checksum:   175354 2fb4df2228763488f9fbb5b6ae52d38e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_amd64.deb
      Size/MD5 checksum:   257910 ce9eef9c38187a70582528ef6a99f9e6

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_arm.deb
      Size/MD5 checksum:    63824 d6cb239e323084cfc6b5a30f36a52c01
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_arm.deb
      Size/MD5 checksum:    39520 76997f2c09141dfc517570f0c0f77598
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_arm.deb
      Size/MD5 checksum:  2171212 6b64588c64a58e275b226a8289cbffd3
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_arm.deb
      Size/MD5 checksum:    37304 8f29746edb67c02477b662b473ac4234
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_arm.deb
      Size/MD5 checksum:   173526 02a315f3ad72931252a2fcfaf7682561
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_arm.deb
      Size/MD5 checksum:   248328 7de5f21da6ebd76b9e6bce64b1935df9

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_i386.deb
      Size/MD5 checksum:    65124 f53eadb97b80d0b2f7c8a8f6d15c7fcc
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_i386.deb
      Size/MD5 checksum:    40194 11affc953259da108bb6ac9015703c9a
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_i386.deb
      Size/MD5 checksum:  2171518 136c46a06385fbb5e8d896d642bc0f05
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_i386.deb
      Size/MD5 checksum:    38030 ef402381cb175820ea4b0c01d2974b54
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_i386.deb
      Size/MD5 checksum:   158546 89741c1bf059281f1ca2aa0dd7f40861
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_i386.deb
      Size/MD5 checksum:   252594 60e13cb2197362fbda1d8d122b841cfe

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_ia64.deb
      Size/MD5 checksum:    81706 8267ad55e4b5b58bf80911973a635e02
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_ia64.deb
      Size/MD5 checksum:    55102 f90bc4bac2fed23429feecdbe92fb850
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_ia64.deb
      Size/MD5 checksum:  2180084 0200268cac161cc694f2eb87e050521a
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_ia64.deb
      Size/MD5 checksum:    49208 f143c1c98036aa4d404c8c9c9b533e33
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_ia64.deb
      Size/MD5 checksum:   250412 12a7b80cc296d1825ff40c297f7b2592
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_ia64.deb
      Size/MD5 checksum:   315812 a8e46a8c22ab740d51b80da4edcbde8d

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_hppa.deb
      Size/MD5 checksum:    68182 9b08058ca6bdfc769a091c7c89a7ce64
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_hppa.deb
      Size/MD5 checksum:    43234 4ebf553bf0a02e8179260d04c7dd7238
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_hppa.deb
      Size/MD5 checksum:  2173616 d8d57d8b12fddd5c9ea61b5affdfb34e
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_hppa.deb
      Size/MD5 checksum:    39450 adffa3c170aea391e410e997f57cf535
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_hppa.deb
      Size/MD5 checksum:   201266 29b0927ba2b89df397423e6e520cfa1f
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_hppa.deb
      Size/MD5 checksum:   281814 4916e2bb671314195cf51e50c375101d

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_m68k.deb
      Size/MD5 checksum:    62456 f83ffc5a1b29336b95d29480976f3229
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_m68k.deb
      Size/MD5 checksum:    38072 237a81f8ae94f568a7ab288b01d7294b
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_m68k.deb
      Size/MD5 checksum:  2170454 38f3c19b1d3600361a3eff93b2c08924
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_m68k.deb
      Size/MD5 checksum:    35068 d54fa55db1fe03921ce0e080946a3006
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_m68k.deb
      Size/MD5 checksum:   145372 27ff086da84d8b2b7e1a7b5e0ec6faad
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_m68k.deb
      Size/MD5 checksum:   249018 8ec76ffcdd22dc2216b29c0a5b0967b2

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_mips.deb
      Size/MD5 checksum:    67858 ff8ac22975ec3987744b41635334032a
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_mips.deb
      Size/MD5 checksum:    43674 3672906fe3fde3bc7a94ad54c47d07d4
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_mips.deb
      Size/MD5 checksum:  2172970 a8580f8e196acba4d9d625c4cc423338
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_mips.deb
      Size/MD5 checksum:    37670 ccdc395e404f330c20598d5b02ddaf49
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_mips.deb
      Size/MD5 checksum:   194320 bb910353a34fea0942afab88a31d7dea
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_mips.deb
      Size/MD5 checksum:   256088 7ec97820fa2470e7b58bf2d3b7d5c696

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_mipsel.deb
      Size/MD5 checksum:    67478 b78451c1753da62285c74c07e0fe263f
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_mipsel.deb
      Size/MD5 checksum:    43488 06e92d862ef6cd8a6ecd20f3537c4d7b
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_mipsel.deb
      Size/MD5 checksum:  2172916 f5a1eee003eb3995b97fe10b4ea09809
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_mipsel.deb
      Size/MD5 checksum:    37958 6cdc8361e786e419383ca407b287c65b
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_mipsel.deb
      Size/MD5 checksum:   190670 c464b1c69c97529361b0317d5db6fdc5
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_mipsel.deb
      Size/MD5 checksum:   253560 b892c53f46239ed94dc23d74c7958b06

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_powerpc.deb
      Size/MD5 checksum:    69226 dd9cc43999a009d6df890de345a692cd
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_powerpc.deb
      Size/MD5 checksum:    44584 58799c4b2e083df36b7a70d6b084d026
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_powerpc.deb
      Size/MD5 checksum:  2173556 bb02308f91a0b63bb560db20973d28f7
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_powerpc.deb
      Size/MD5 checksum:    38876 09a8c78537033a725fba8214735b5882
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_powerpc.deb
      Size/MD5 checksum:   186618 459c027d740cf25932665586f55a68ff
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_powerpc.deb
      Size/MD5 checksum:   263206 5a0fa00dd636ae40a62f0e02d63bc19b

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_s390.deb
      Size/MD5 checksum:    67772 1ec4fd75cf9b37c1b124e14cad82d75e
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_s390.deb
      Size/MD5 checksum:    43434 1e0ce0535300f7176e550df27af61097
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_s390.deb
      Size/MD5 checksum:  2172868 3884882c922c7a32b4d486545400b384
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_s390.deb
      Size/MD5 checksum:    38934 a85a83dfd24e7fd3ebb8236782273c36
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_s390.deb
      Size/MD5 checksum:   181596 c419b59dc3bad8208f6d0c4ff9248e13
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_s390.deb
      Size/MD5 checksum:   267778 00ea85457a4457d7539f9e939fa38524

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_sparc.deb
      Size/MD5 checksum:    64334 9e1a24f503ce5d8ef70798f0dad6714a
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_sparc.deb
      Size/MD5 checksum:    39392 7eaf2f1afd3bd2ab143f5b5f78cdd51b
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_sparc.deb
      Size/MD5 checksum:  2171076 e9e6a7aa3e48315dd9905e407ed6b969
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_sparc.deb
      Size/MD5 checksum:    36854 1d81507b5ee8ae42506dad08b6a9a452
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_sparc.deb
      Size/MD5 checksum:   174900 a6a7fcfed104d7351832f7eba3b5e6b1
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_sparc.deb
      Size/MD5 checksum:   263458 4f26cd6ff0466652766d7ce5ae183a63


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDO9c1W5ql+IAeqTIRAngGAJ0e0cAiQPXIm9Vi0Rp0cSYc8kRQEgCdG8vt
1IRu7XWrqRONnuYZ/JQkEIU=
=zeaO
-----END PGP SIGNATURE-----



Reply to: