Debian-Sicherheitsankündigung

DSA-1616-2 clamav -- Diensteverweigerung

Datum des Berichts:

26. Jul 2008

Betroffene Pakete:

clamav

Verwundbar:

Sicherheitsdatenbanken-Referenzen:

In der Debian-Fehlerdatenbank: Fehler 490925.
In Mitres CVE-Verzeichnis: CVE-2008-2713, CVE-2008-3215.

Weitere Informationen:

Damian Put hat eine Verwundbarkeit im ClamAV Anti-Virus-Toolkit während des Einlesens von Petite-gepackten ausführbaren Win32-Dateien entdeckt. Diese Schwachstelle führt zu einem ungültigen Speicherzugriff und könnte es einem Angreifer ermöglichen, ClamAV zum Absturz zu bringen, indem er eine bösartig vorbereitete Petite-gepackte Datei zum Scannen ausliefert. Bei einigen Konfigurationen, so zum Beispiel wenn ClamAV in Kombination mit einem E-Mail-Server eingesetzt wird, kann dies bei einem System zu einem fail open führen, was einen anschließenden Viren-Angriff erleichtert.

In einer vorausgegangenen Version dieser Ankündigung, wurde auf Pakete Bezug genommen, die nicht korrekt gebaut wurden und denen die gewünschte Korrektur fehlte. Dieses Problem wurde bei den Pakten korrigiert, auf die in Version -2 der Ankündigung Bezug genommen wird.

Das Common Vulnerabilities and Exposures-Projekt hat diese Schwachstellen als CVE-2008-2713 und CVE-2008-3215 identifiziert.

Für die Stable-Distribution (Etch) wurde dieses Problem in Version 0.90.1dfsg-3.1+etch14 behoben.

Für die Unstable-Distribution (Sid) wurde dieses Problem in Version 0.93.1.dfsg-1.1 behoben.

Wir empfehlen Ihnen, Ihre clamav-Pakete zu aktualisieren.

Behoben in:

Debian GNU/Linux 4.0 (etch)

Quellcode:: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg.orig.tar.gz; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14.diff.gz; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14.dsc
Architektur-unabhängige Dateien:: http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1dfsg-3.1+etch14_all.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1dfsg-3.1+etch14_all.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1dfsg-3.1+etch14_all.deb
Alpha:: http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_alpha.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_alpha.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_alpha.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_alpha.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_alpha.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_alpha.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_amd64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_amd64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_amd64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_amd64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_amd64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_amd64.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_arm.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_arm.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_arm.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_arm.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_arm.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_arm.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_arm.deb
HP Precision:: http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_hppa.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_hppa.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_hppa.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_hppa.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_hppa.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_hppa.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_i386.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_i386.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_i386.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_i386.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_i386.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_i386.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_ia64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_ia64.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_ia64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_ia64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_ia64.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_ia64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_ia64.deb
Big-endian MIPS:: http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_mips.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_mips.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_mips.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_mips.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_mips.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_mips.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_mips.deb
Little-endian MIPS:: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_mipsel.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_mipsel.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_mipsel.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_mipsel.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_mipsel.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_mipsel.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_powerpc.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_powerpc.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_powerpc.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_powerpc.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_powerpc.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_powerpc.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_s390.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_s390.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_s390.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_s390.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_s390.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_s390.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_sparc.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_sparc.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_sparc.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_sparc.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_sparc.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_sparc.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_sparc.deb

MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.

Diese Seite gibt es auch in den folgenden Sprachen:

dansk English français 日本語 (Nihongo) svenska

Wie stellt man die Standardsprache ein

Um Probleme mit der Website zu melden, schreiben Sie bitte eine E-Mail auf Englisch an debian-www@lists.debian.org. Rechtschreibfehler in der deutschen Übersetzung senden Sie bitte an debian-l10n-german@lists.debian.org. Weitere Kontaktinformationen finden Sie auf Debians Kontaktseite.