Debians sikkerhedsbulletin
DSA-1616-2 clamav -- lammelsesangreb
- Rapporteret den:
- 26. jul 2008
- Berørte pakker:
- clamav
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Debians fejlsporingssystem: Fejl 490925.
I Mitres CVE-ordbog: CVE-2008-2713, CVE-2008-3215. - Yderligere oplysninger:
-
Damian Put opdagede en sårbarhed i antivirusværktøjet ClamAVs fortolkning af Petite-pakkede eksekvérbare Win32-filer. Svagheden fører til ugyldig hukommelsestilgang, og kunne gøre det muligt for en angriber at få clamav til at gå ned ved at levere en ondsindet fremstillet Petite-komprimeret binær fil til scanning. I nogle opsætninger, så som når clamav anvendes i kombination med mailservere, kunne dette føre til en
fail open
på systemet, muliggørende et opfølgende virusangreb.En tidligere version af denne bulletin refererede pakker, der var opbygget ukorrekt og manglende den tilsigtede rettelse. Problemet blev i pakkerne i -2-revisionen af denne bulletin.
Projektet Common Vulnerabilities and Exposures har registreret denne svaghed som CVE-2008-2713 og CVE-2008-3215.
I den stabile distribution (etch), er dette problem rettet i version 0.90.1dfsg-3.1+etch14.
I den ustabile distribution (sid), er dette problem rettet i version 0.93.1.dfsg-1.1.
Vi anbefaler at du opgraderer dine clamav-pakker.
- Rettet i:
-
Debian GNU/Linux 4.0 (etch)
- Kildekode:
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg.orig.tar.gz
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14.diff.gz
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14.dsc
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14.diff.gz
- Arkitekturuafhængig komponent:
- http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1dfsg-3.1+etch14_all.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1dfsg-3.1+etch14_all.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1dfsg-3.1+etch14_all.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1dfsg-3.1+etch14_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_alpha.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_alpha.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_alpha.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_alpha.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_alpha.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_alpha.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_alpha.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_arm.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_arm.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_arm.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_arm.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_arm.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_arm.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_arm.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_arm.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_hppa.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_hppa.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_hppa.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_hppa.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_hppa.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_hppa.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_hppa.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_i386.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_i386.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_i386.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_i386.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_i386.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_i386.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_i386.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_ia64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_ia64.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_ia64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_ia64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_ia64.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_ia64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_ia64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_mips.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_mips.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_mips.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_mips.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_mips.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_mips.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_mips.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_mipsel.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_mipsel.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_mipsel.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_mipsel.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_mipsel.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_mipsel.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_mipsel.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_powerpc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_powerpc.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_powerpc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_powerpc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_powerpc.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_powerpc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_powerpc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_s390.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_s390.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_s390.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_s390.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_s390.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_s390.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_s390.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_sparc.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_sparc.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_sparc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_sparc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_sparc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_sparc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_sparc.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.