Alerta de Segurança Debian

DSA-947-2 clamav -- estouro de "heap"

Data do Alerta:

21 Jan 2006

Pacotes Afetados:

Vulnerável:

Sim

Referência à base de dados de segurança:

No sistema de acompanhamento de bugs do Debian: Bug 320014.
Na base de dados do BugTraq (na SecurityFocus): ID BugTraq 16191.
No dicionário CVE do Mitre: CVE-2006-0162.

Informações adicionais:

Um estouro de "heap" foi descoberto no ClamAV, um scanner de vírus, que pode permitir que um atacante execute código arbitrário enviando um executável UPX-encoded cuidadosamente manipulado para um sistema executando o ClamAV. Adicionalmente, outros estouros em potencial foram corrigidos.

Pacotes para arquitetura ARM não estavam disponíveis quando a DSA 947-1 foi publicada; estes pacotes estão agora disponíveis. Além disso, a DSA 947-1 identificou incorretamente a versão do pacote que corrige estas ocorrências na distribuição instável ("sid").

A antiga distribuição estável ("woody") não inclui o ClamAV.

Para a distribuição estável ("sarge") este problema foi corrigido na versão 0.84-2.sarge.7.

Para a distribuição instável ("sid") este problema foi corrigido na versão 0.88-1.

Recomendamos que você atualize seu pacote clamav imediatamente.

Corrigido em:

Debian GNU/Linux 3.1 (sarge)

Fonte:: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7.dsc; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7.diff.gz; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
Componente independente de arquitetura:: http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.7_all.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.7_all.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.7_all.deb
Alpha:: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_alpha.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_alpha.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_alpha.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_alpha.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_alpha.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_amd64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_amd64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_amd64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_amd64.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_amd64.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_arm.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_arm.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_arm.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_arm.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_arm.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_i386.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_i386.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_i386.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_i386.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_i386.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_ia64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_ia64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_ia64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_ia64.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_ia64.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_hppa.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_hppa.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_hppa.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_hppa.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_hppa.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_m68k.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_m68k.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_m68k.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_m68k.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_m68k.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_mips.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_mips.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_mips.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_mips.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_mips.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_mipsel.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_mipsel.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_mipsel.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_mipsel.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_mipsel.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_powerpc.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_powerpc.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_powerpc.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_powerpc.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_powerpc.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_s390.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_s390.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_s390.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_s390.deb

Checksums MD5 dos arquivos listados estão disponíveis no alerta original.

Checksums MD5 dos arquivos listados estão disponíveis no alerta revisado.