Message-Id: <20070724072405.903CE10114@finlandia.home.infodrom.org>
Date: Tue, 24 Jul 2007 09:24:05 +0200 (CEST)
From: joey@...odrom.org (Martin Schulze)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 1340-1] New ClamAV packages fix denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1340-1                    security@...ian.org
http://www.debian.org/security/                             Martin Schulze
July 24th, 2007                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : clamav
Vulnerability  : null pointer dereference
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2007-3725

A NULL pointer dereference has been discovered in the RAR VM of Clam
Antivirus (ClamAV) which allows user-assisted remote attackers to
cause a denial of service via specially crafted RAR archives.

We are currently unable to provide fixed packages for the MIPS
architectures. Those packages will be installed in the security
archive when they become available.

The old stable distribution (sarge) is not affected by this problem.

For the stable distribution (etch) this problem has been fixed in
version 0.90.1-3etch4.

For the unstable distribution (sid) this problem has been fixed in
version 0.91-1.

We recommend that you upgrade your clamav packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGpakUW5ql+IAeqTIRAqbvAJ9vOXlEgRCXOoveSIztfNE3alRAUwCeN6/Z
ycgTsKuTI/fIPW5ekwqtGGU=
=w//P
-----END PGP SIGNATURE-----