lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070901115351.GA4067@galadriel.inutil.org>
Date: Sat, 1 Sep 2007 13:53:51 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 1366-1] New clamav packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1366-1                    security@...ian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
September 1st, 2007                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : clamav
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-4510 CVE-2007-4560

Several remote vulnerabilities have been discovered in the Clam anti-virus
toolkit. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-4510

    It was discovered that the RTF and RFC2397 parsers can be tricked
    into dereferencing a NULL pointer, resulting in denial of service.

CVE-2007-4560

    It was discovered clamav-milter performs insufficicient input
    sanitising, resulting in the execution of arbitrary shell commands.

The oldstable distribution (sarge) is only affected by a subset of 
the problems. An update will be provided later.

For the stable distribution (etch) these problems have been fixed
in version 0.90.1-3etch7.

For the unstable distribution (sid) these problems have been fixed in
version 0.91.2-1.

We recommend that you upgrade your clamav packages. 

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7.dsc
      Size/MD5 checksum:      886 76508137da0c93a144d130323f7eca87
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7.diff.gz
      Size/MD5 checksum:   203232 127d4844eb36f41a52c67d461d554c09
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1.orig.tar.gz
      Size/MD5 checksum: 11643310 cd11c05b5476262eaea4fa3bd7dc25bf

  Architecture independent components:

    http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1-3etch7_all.deb
      Size/MD5 checksum:   201648 4f87137fc2d9dc12ae774ed149c11080
    http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1-3etch7_all.deb
      Size/MD5 checksum:  1003456 a2aacc240716f6da56c9cda24e288af1
    http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1-3etch7_all.deb
      Size/MD5 checksum:   157834 820e470f5c428c599fc174e0fcadc7ee

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_alpha.deb
      Size/MD5 checksum:   863492 e4bb31adae25ba8270c3a7693a5ac203
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_alpha.deb
      Size/MD5 checksum:   184710 65a6b05e5f59a1373b27524267f81f61
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_alpha.deb
      Size/MD5 checksum:   644772 fc182ead4b1858dd9e295a1e774f13c7
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_alpha.deb
      Size/MD5 checksum:  9303850 fccfb44066fd7028855dd92ac61918ca
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_alpha.deb
      Size/MD5 checksum:   180304 d34adfc21674bfd5f804f4c721aff9d5
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_alpha.deb
      Size/MD5 checksum:   511144 223b48dbd9cb9a4003a67dbba4bf265e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_alpha.deb
      Size/MD5 checksum:   406406 6bca766fb1a86d0a58793f7f9603dd85

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_amd64.deb
      Size/MD5 checksum:   856522 cae033c2c4d2245ed0c3742982f9bb67
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_amd64.deb
      Size/MD5 checksum:   178452 cf29bd7447cfc3163974b60cc29955a1
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_amd64.deb
      Size/MD5 checksum:   638384 11df3244f048ed156ef97d99ddf13ee2
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_amd64.deb
      Size/MD5 checksum:  9301956 ee98e922039c3ae2e58e00fa46f3682f
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_amd64.deb
      Size/MD5 checksum:   177470 a2fc25aecce75dfd7b506bfd852110cd
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_amd64.deb
      Size/MD5 checksum:   386568 6a1f79b33c45bbf7f63361c5bc3e5301
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_amd64.deb
      Size/MD5 checksum:   367274 a313b9e7a274000923f2a4c508ce630d

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_arm.deb
      Size/MD5 checksum:   852934 030a5f8950c9917033dd4a73e500d177
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_arm.deb
      Size/MD5 checksum:   171200 c37973b52dbee496410dc338826c89c3
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_arm.deb
      Size/MD5 checksum:   598014 2e698cb351c2a6821e4cc4a4c4f39d48
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_arm.deb
      Size/MD5 checksum:  9299226 06ca0c49348eb0deeddac6e1b4d87378
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_arm.deb
      Size/MD5 checksum:   175344 b38253709f390f65a27363f0d41e14c7
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_arm.deb
      Size/MD5 checksum:   366618 f555885ad50c5a205bfe52bc5c05bf32
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_arm.deb
      Size/MD5 checksum:   363474 47905b28d3fa482eb2ba05c08de1f395

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_hppa.deb
      Size/MD5 checksum:   857242 7d921dd3dc4d8dc97c8289e6ed2dc56c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_hppa.deb
      Size/MD5 checksum:   178162 f0e8edeadf8a35002982a166b84f5bd8
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_hppa.deb
      Size/MD5 checksum:   618354 dd56899c90c0826a029ad632fe3d784e
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_hppa.deb
      Size/MD5 checksum:  9303278 352b5455ef66f4faebf1622bba6d6abb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_hppa.deb
      Size/MD5 checksum:   177404 1d571b923902dfeadab4c4d79485ca24
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_hppa.deb
      Size/MD5 checksum:   432894 5700bd90730816ae355bb969a3a0d726
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_hppa.deb
      Size/MD5 checksum:   405100 8e2345c87a460779a4588a51b5d3d4fa

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_i386.deb
      Size/MD5 checksum:   853954 9cb2105c0b125d06b6cd55c3afc034df
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_i386.deb
      Size/MD5 checksum:   174810 26e058c602e245cdd93b617a6433f3eb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_i386.deb
      Size/MD5 checksum:   604246 9229e00e4fd2f479c4991579527dda05
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_i386.deb
      Size/MD5 checksum:  9300180 2ea193af166b258bafc507ee39fe5ed5
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_i386.deb
      Size/MD5 checksum:   175306 a9249b84ddf8381fddaefdad2d838a7e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_i386.deb
      Size/MD5 checksum:   367860 d88bcc54abe004b0cac9dace8b1a97cb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_i386.deb
      Size/MD5 checksum:   365930 25dfe3b0f5db7fd318f508f981447c5b

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_ia64.deb
      Size/MD5 checksum:   878502 6819ecbe6de1e78d7a794bd57be5242c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_ia64.deb
      Size/MD5 checksum:   201696 b6aad73bb42bc06ebe2c7e7cf6638e8e
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_ia64.deb
      Size/MD5 checksum:   657016 a8700ddde5a27b6e5543c26b94ebaccb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_ia64.deb
      Size/MD5 checksum:  9315332 5e70f38d3e2c545c2a3a0e886a9d31bf
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_ia64.deb
      Size/MD5 checksum:   191962 096679339d39f00c721efb8b443a4eaa
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_ia64.deb
      Size/MD5 checksum:   521666 d782256097bd91daac7c281bc5b9c04a
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_ia64.deb
      Size/MD5 checksum:   475118 9672c4a0370689ab46e98bbe4b5abdae

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_mips.deb
      Size/MD5 checksum:   854704 4c88a5d9a1dba0a9b1bff65a873b3088
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_mips.deb
      Size/MD5 checksum:   179932 6eddaad912a230c6b5e8d7b66503a99d
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_mips.deb
      Size/MD5 checksum:   647356 783a1e4fed71df9f0556616b54cb3a93
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_mips.deb
      Size/MD5 checksum:  9301594 fc06728c15469aace7857a24f5fc53ee
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_mips.deb
      Size/MD5 checksum:   175694 1389bf57964bee7e61a49fe148dfd06c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_mips.deb
      Size/MD5 checksum:   435530 6ff83829f607222759f9bc74add7b77e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_mips.deb
      Size/MD5 checksum:   372356 569d451c407c05823032836b2b44d89c

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_mipsel.deb
      Size/MD5 checksum:   854664 4d78fb80f34622cfabd610d707b74ed3
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_mipsel.deb
      Size/MD5 checksum:   180046 e2a0871e9171da32be01adf62ad1d128
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_mipsel.deb
      Size/MD5 checksum:   636224 2476d9168a9dc29ec7c466f87a234dbc
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_mipsel.deb
      Size/MD5 checksum:  9301726 91fbb41f97a05431b3a192b7fb1be1ab
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_mipsel.deb
      Size/MD5 checksum:   175936 bca774cbae1f58760b3e865189615238
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_mipsel.deb
      Size/MD5 checksum:   426980 282f62187b9cd468416f8fd614d4067c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_mipsel.deb
      Size/MD5 checksum:   365596 6a7c6a9c3f466ec1af406bc5c58d8322

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_powerpc.deb
      Size/MD5 checksum:   857324 71e8777c0bd9373b31bafc1aa00c8be0
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_powerpc.deb
      Size/MD5 checksum:   181870 76e72290201ed98010991f3639c6a87e
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_powerpc.deb
      Size/MD5 checksum:   637432 d3d0cf8a8288a340ade551737721ddcf
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_powerpc.deb
      Size/MD5 checksum:  9302318 7574fcc75525c788c93ff3b28b214458
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_powerpc.deb
      Size/MD5 checksum:   176394 9f861a15da4a7d3d460948dce1e97037
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_powerpc.deb
      Size/MD5 checksum:   405822 f84a324e6d6101046dce37495a5fc1db
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_powerpc.deb
      Size/MD5 checksum:   378474 ec5ab7ea0b45d507ad5ffd0bdd91921b

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_s390.deb
      Size/MD5 checksum:   855284 451dd987867f18df691343826ae2f11f
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_s390.deb
      Size/MD5 checksum:   176424 46cc5eddcc876479e988b9e10e879f8c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_s390.deb
      Size/MD5 checksum:   628526 2c75c9e4150a0b8eb0c6446e5d112735
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_s390.deb
      Size/MD5 checksum:  9300942 04eb856a3a44098ea1e483921e272c46
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_s390.deb
      Size/MD5 checksum:   177166 52c5cba6197a33b62c912bfddde59782
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_s390.deb
      Size/MD5 checksum:   401818 b8f39319d247f3aa8077c5cfd308185c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_s390.deb
      Size/MD5 checksum:   391486 24119acc8394847bbde1a957449b0f15

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_sparc.deb
      Size/MD5 checksum:   851414 6da36840b5725d962426971f01e2419c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_sparc.deb
      Size/MD5 checksum:   172124 0ad57992d8e2538850137a3b9580dfc0
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_sparc.deb
      Size/MD5 checksum:   584052 69fd3f5d67b2a54b1735414184f6a92c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_sparc.deb
      Size/MD5 checksum:  9298816 2c3e7b1aa338c7fb3d04ce3807ec28bd
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_sparc.deb
      Size/MD5 checksum:   174044 16c23d0e5057d3d852e21ad226601ec2
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_sparc.deb
      Size/MD5 checksum:   389466 45e786e946ddde5fc22c9532a7169f5e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_sparc.deb
      Size/MD5 checksum:   377484 58b6b3b0d422300d241f406f9985cfa9

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG2VKTXm3vHE4uyloRApU/AJ4iMAAtQkYLb1b6Yt/v0PhLvl8YsgCg1U+S
4x6lAqoCqVoHDBPuNQLeG9U=
=N77M
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ