Bulletin d'alerte Debian
DSA-1680-1 clamav -- Débordement de mémoire tampon, consommation de pile
- Date du rapport :
- 4 décembre 2008
- Paquets concernés :
- clamav
- Vulnérabilité :
- Oui
- Références dans la base de données de sécurité :
- Dans le système de suivi des bogues Debian : Bogue 505134, Bogue 507624.
Dans le dictionnaire CVE du Mitre : CVE-2008-5050, CVE-2008-5314. - Plus de précisions :
-
Moritz Jodeit a découvert que ClamAV, une solution d'anti-virus, souffre d'une erreur « off-by-one-error » dans son analyseur de fichier de projet VBA. Cela peut conduire à débordement de mémoire tampon et éventuellement à l'exécution de code arbitraire (CVE-2008-5050).
Ilja van Sprundel a découvert que ClamAV contient un déni de service dans son analyseur de fichier JPEG car il ne limite pas son algorithme récursif lors de l'analyse de miniature JPEG (CVE-2008-5314).
Pour la distribution stable (Etch), ces problèmes ont été corrigés dans la version 0.90.1dfsg-4etch16.
Pour la distribution unstable (Sid), ces problèmes ont été corrigés dans la version 0.94.dfsg.2-1.
La distribution de test (Lenny) sera corrigé prochainement.
Nous vous recommandons de mettre à jour vos paquets clamav.
- Corrigé dans :
-
Debian GNU/Linux 4.0 (etch)
- Source :
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg.orig.tar.gz
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16.dsc
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16.diff.gz
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16.dsc
- Composant indépendant de l'architecture :
- http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1dfsg-4etch16_all.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1dfsg-4etch16_all.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1dfsg-4etch16_all.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1dfsg-4etch16_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_alpha.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_alpha.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_alpha.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_alpha.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_alpha.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_alpha.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16_alpha.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_amd64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_amd64.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_hppa.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_hppa.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_hppa.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_hppa.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_hppa.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16_hppa.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_hppa.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_i386.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_i386.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_i386.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_i386.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16_i386.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_i386.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_i386.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16_ia64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_ia64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_ia64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_ia64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_ia64.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_ia64.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_ia64.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_mips.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_mips.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16_mips.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_mips.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_mips.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_mips.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_mips.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_mips.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_powerpc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16_powerpc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_powerpc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_powerpc.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_powerpc.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_powerpc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_powerpc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_s390.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_s390.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_s390.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_s390.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_s390.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_s390.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16_s390.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_sparc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_sparc.deb
- http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_sparc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_sparc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16_sparc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_sparc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_sparc.deb
- http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_sparc.deb
Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.