lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20060818173944.A2710FDAF@finlandia.home.infodrom.org> Date: Fri, 18 Aug 2006 19:39:44 +0200 (CEST) From: joey@...odrom.org (Martin Schulze) To: bugtraq@...urityfocus.com Subject: [SECURITY] [DSA 1153-1] New ClamAV packages fix arbitrary code execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1153-1 security@...ian.org http://www.debian.org/security/ Martin Schulze August 18th, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : clamav Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CVE-2006-4018 BugTraq ID : 19381 Damian Put discovered a heap overflow vulneravility in the UPX unpacker of the ClamAV anti-virus toolkit which could allow remote attackers to execute arbitrary code or cause denial of service. For the stable distribution (sarge) this problem has been fixed in version 0.84-2.sarge.10. For the stable distribution (sarge) this problem has been fixed in version 0.88.4-0volatile1 in the volatile archive. For the unstable distribution (sid) this problem has been fixed in version 0.88.4-2. We recommend that you upgrade your clamav packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10.dsc Size/MD5 checksum: 874 579ac9552dbc0075d4d087042c231804 http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10.diff.gz Size/MD5 checksum: 176298 01bb523d1fd48f70a3277e12b965d426 http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz Size/MD5 checksum: 4006624 c43213da01d510faf117daa9a4d5326c Architecture independent components: http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.10_all.deb Size/MD5 checksum: 154834 aa3600fb1bccc896debdf371c6b94979 http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.10_all.deb Size/MD5 checksum: 694360 6cd87074ba63f69e7cf065af1665839f http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.10_all.deb Size/MD5 checksum: 123846 317f7c5a1fcba2c7502a7011edf07640 Alpha architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_alpha.deb Size/MD5 checksum: 74756 ee20948ad40b44d08ea016becd29c59d http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_alpha.deb Size/MD5 checksum: 48832 1f24a23e371f0c7cec48123dbc62d87f http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_alpha.deb Size/MD5 checksum: 2176454 f76987654e839526da6d30ef50678fee http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_alpha.deb Size/MD5 checksum: 42108 ca5ad43ec67d02f425db4cde24ea359c http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_alpha.deb Size/MD5 checksum: 255698 b0c02ebb16c838039d25c837887e2b20 http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_alpha.deb Size/MD5 checksum: 285520 b7e6deae0b3f715ce64bd450fa1bed55 AMD64 architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_amd64.deb Size/MD5 checksum: 68854 eeca1c599d8423fedbd7458c2823e675 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_amd64.deb Size/MD5 checksum: 44190 a9ffbdbf3145ed7ee1b09f754f6f1cba http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_amd64.deb Size/MD5 checksum: 2173266 b2bbfd444309513e0fbb0ffae9f7ca6f http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_amd64.deb Size/MD5 checksum: 39992 c69a8afe5eb511d6d8fda40f4430acc4 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_amd64.deb Size/MD5 checksum: 176430 114e0b901947b5c05e14863372b20371 http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_amd64.deb Size/MD5 checksum: 259648 34f48f60ab045c94bccdb2ef545c58bf ARM architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_arm.deb Size/MD5 checksum: 63940 0149c2854989385bc91dd7f3857c22de http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_arm.deb Size/MD5 checksum: 39602 3069d8dbd7134cdbe2aafbee73f394eb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_arm.deb Size/MD5 checksum: 2171302 36abc779119678735260f262abd46b14 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_arm.deb Size/MD5 checksum: 37320 1a2b2bf609209bf679f1dc0595c014f5 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_arm.deb Size/MD5 checksum: 174866 dd1d6ecdae9b72d4370269553de7822c http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_arm.deb Size/MD5 checksum: 249684 ea978f5d747b263abbab696f3ee43d84 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_i386.deb Size/MD5 checksum: 65192 65526868baf4727a43f50c3fc9d5bfaf http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_i386.deb Size/MD5 checksum: 40314 3dcbd76b10f316cb966c9d0481c86d95 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_i386.deb Size/MD5 checksum: 2171614 56f381689bb923aff94ea1c089c972e6 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_i386.deb Size/MD5 checksum: 38036 0ba3584e974098cacb54356f01ba5b81 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_i386.deb Size/MD5 checksum: 159624 f1df89303a47b8feadb0cc34a3af524e http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_i386.deb Size/MD5 checksum: 254320 fa8338410aacfed8a7699cb2e89f2f24 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_ia64.deb Size/MD5 checksum: 81812 24394b30b3d05645157d681e31e4a334 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_ia64.deb Size/MD5 checksum: 55236 0547745bea0ea7c00874cb28bb8c6076 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_ia64.deb Size/MD5 checksum: 2180240 bb88c2a0b8d3954e4c8c0bb2eb254626 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_ia64.deb Size/MD5 checksum: 49200 e89b9424d435e4b54b5541310df54d18 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_ia64.deb Size/MD5 checksum: 252048 307a1171d4d24ec18b405300c8abc8c3 http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_ia64.deb Size/MD5 checksum: 317632 f26a3c8aa9686fe1325f19ceb21ae876 HP Precision architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_hppa.deb Size/MD5 checksum: 68266 53f9a7dc51264112fa03824a6f159a55 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_hppa.deb Size/MD5 checksum: 43282 2cd52c92c09be751c18871aa1779e412 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_hppa.deb Size/MD5 checksum: 2173738 3b5b881e2c5a9e68ea3ef9181acb8f00 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_hppa.deb Size/MD5 checksum: 39448 452a3eca157ec974030633ecd149f1d7 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_hppa.deb Size/MD5 checksum: 202646 f11e31f03249e881007664e1fe68e575 http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_hppa.deb Size/MD5 checksum: 283402 84b6b57ffe3d653db556102896b32d73 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_m68k.deb Size/MD5 checksum: 62518 cc621b1387c92be1ac653e05f3ca5971 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_m68k.deb Size/MD5 checksum: 38206 36154fc4bd779e3ab9ac3eb51ea0f833 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_m68k.deb Size/MD5 checksum: 2170522 8b576066f0b981f9e55b4400f6ecbe69 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_m68k.deb Size/MD5 checksum: 35060 61a22458f305bd2c28834c62cdaa9e9a http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_m68k.deb Size/MD5 checksum: 146266 0fbd30a2c656ef6ec0d75c010aedb5a4 http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_m68k.deb Size/MD5 checksum: 250410 8b804dadd0fc35420d477228d254d543 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_mips.deb Size/MD5 checksum: 67948 5c5216d18d7d584a5f0859f0094aa417 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_mips.deb Size/MD5 checksum: 43792 512afdde1b2da6791bd463de827449f4 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_mips.deb Size/MD5 checksum: 2173022 48dae648fe0713d6afc79127838d5271 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_mips.deb Size/MD5 checksum: 37672 e34c78057e3f92367bd8591364550e3c http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_mips.deb Size/MD5 checksum: 195464 1fb3cda50e0d5c2db77ae4fb985516e7 http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_mips.deb Size/MD5 checksum: 257498 0262d853aa80aa7a58d19a2eca3b44e8 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_mipsel.deb Size/MD5 checksum: 67554 4185522ad02b337b9da6663cbd1024ac http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_mipsel.deb Size/MD5 checksum: 43592 fb26021b07612a92028d8830f6ff3804 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_mipsel.deb Size/MD5 checksum: 2173004 9193ea804f2b7c19548417165178ca05 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_mipsel.deb Size/MD5 checksum: 37960 2030dcaed3d04a2d7a918940e310d280 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_mipsel.deb Size/MD5 checksum: 191886 2b3158916a4251c4d5a5381ebb49c838 http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_mipsel.deb Size/MD5 checksum: 255096 3bf9a5cee57791754a88bbb96a2c6fc0 PowerPC architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_powerpc.deb Size/MD5 checksum: 69290 63e95304cf75bbc09fdcdc74b5065e81 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_powerpc.deb Size/MD5 checksum: 44666 000b1226fe5f62d5dab412f302ee2624 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_powerpc.deb Size/MD5 checksum: 2173672 d72f0dbd55ddf72f68b7455b39318593 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_powerpc.deb Size/MD5 checksum: 38866 3cbd90828e563181db163c8f2be59dbf http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_powerpc.deb Size/MD5 checksum: 187672 529b30228ccd9858381953ef29a1a799 http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_powerpc.deb Size/MD5 checksum: 264866 3b4f8f04c88d0ae27db4c37d43adb7b8 IBM S/390 architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_s390.deb Size/MD5 checksum: 67900 6025940acf3fd7317140990d3b767598 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_s390.deb Size/MD5 checksum: 43556 9121cc8c74337e8fc8df83b6f4d317aa http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_s390.deb Size/MD5 checksum: 2172970 b76417d453c968451ca19abff7f3b1cf http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_s390.deb Size/MD5 checksum: 38934 c6ba23cdab5a45fd0ed314ac85537ad6 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_s390.deb Size/MD5 checksum: 182620 0d27f0ef5d3e2e530486ec2391f1ee0d http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_s390.deb Size/MD5 checksum: 269456 272e24025e52efd9c7b1f41c3f92765e Sun Sparc architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_sparc.deb Size/MD5 checksum: 64430 6a3177a86caaf0b5a1a9709c85e56749 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_sparc.deb Size/MD5 checksum: 39468 81982545aa069ecface4252e0892f57e http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_sparc.deb Size/MD5 checksum: 2171174 a7f6fb7b6e0948a598d7a85c12c5f1d5 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_sparc.deb Size/MD5 checksum: 36856 37da7d38dfbeebdcb933892eb7826cab http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_sparc.deb Size/MD5 checksum: 175820 3af502c16ea8a016050d84a24bc9278f http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_sparc.deb Size/MD5 checksum: 264768 d9b5237456cfe44294020c771982b8c3 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@...ts.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFE5ftfW5ql+IAeqTIRArDyAKC8A5mdy2k4wONCRvpmKGhaqjaptACeKhgk MjqSKTY2xKx8TEHZowHp6Uk= =5f5g -----END PGP SIGNATURE-----