Message-ID: <20071219173804.GA4542@galadriel.inutil.org>
Date: Wed, 19 Dec 2007 18:38:04 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1435-1                  security@...ian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
December 19, 2007                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : clamav
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-6335 CVE-2007-6336

Several remote vulnerabilities have been discovered in the Clam
anti-virus toolkit. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2007-6335

    It was discovered that an integer overflow in the decompression code
    for MEW archives may lead to the execution of arbitrary code.

CVE-2007-6336

    It was discovered that an off-by-one in the MS-ZIP decompression
    code may lead to the execution of arbitrary code.

For the stable distribution (etch), these problems have been fixed in
version 0.90.1-3etch8.

The old stable distribution (sarge) is not affected by these problems.
However, since the clamav version from Sarge cannot process all current
Clam malware signatures any longer, support for ClamAV in Sarge is
now discontinued. We recommend upgrading to the stable distribution
or running a backport of the stable version.

The unstable distribution (sid) will be fixed soon.


We recommend that you upgrade your clamav packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHaVa3Xm3vHE4uyloRAkIlAJ9YeMDZX5mvNpv2rAVgcePjaUpKRQCeP9CR
tNi2ydb9KfZ7Td8mFOWk9eY=
=BLYc
-----END PGP SIGNATURE-----
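
A host-side check for the fixed etch version named in the advisory, as an added example that is not part of the advisory or of Debian's tooling: it orders version strings by dpkg's comparison rules, re-implemented here in Python, and lists hosts still below 0.90.1-3etch8. The host names and inventory are constructed, and the check is meant for etch hosts only, since the advisory states that sarge is not affected.

```python
import re
from itertools import zip_longest

FIXED_ETCH = "0.90.1-3etch8"  # fixed version the advisory gives for etch

def _order(c):
    # dpkg character order: '~' < end of string < letters < everything else
    if c in ("~", ""):
        return -1 if c else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    while a or b:
        # leading non-digit runs are compared character by character
        na, nb = (re.match(r"[^0-9]*", s).group() for s in (a, b))
        for ca, cb in zip_longest(na, nb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        a, b = a[len(na):], b[len(nb):]
        # leading digit runs are compared as numbers (empty run counts as 0)
        da, db = (re.match(r"[0-9]*", s).group() for s in (a, b))
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def split_version(v):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, revision = rest.rpartition("-")
    return (int(epoch), upstream, revision) if sep else (int(epoch), rest, "")

def compare(v1, v2):
    (e1, u1, r1), (e2, u2, r2) = split_version(v1), split_version(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def needs_update(installed):
    # True when an etch host still runs a build older than the fixed one
    return compare(installed, FIXED_ETCH) < 0

# Constructed inventory: host name -> installed clamav version on etch
INVENTORY = {"mail1": "0.90.1-3etch7", "mail2": "0.90.1-3etch8",
             "gw1": "0.90.1-3", "scan1": "0.91.2-1"}

def audit(inventory):
    return sorted(h for h, v in inventory.items() if needs_update(v))

if __name__ == "__main__":
    print(audit(INVENTORY))
```

On a single Debian host, `dpkg --compare-versions` performs the same ordering natively.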
