Message-ID: <20070306223355.GA4090@galadriel.inutil.org>
Date: Tue, 6 Mar 2007 23:33:56 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 1263-1] New clamav packages fix
	denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1263-1                    security@...ian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
March 6th, 2006                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : clamav
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-0897 CVE-2007-0898
Debian Bug     : 411118

Several remote vulnerabilities have been discovered in the Clam
anti-virus toolkit, which may lead to denial of service. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-0897

    It was discovered that malformed CAB archives may exhaust file
    descriptors, which allows denial of service.

CVE-2007-0898

    It was discovered that a directory traversal vulnerability in the MIME
    header parser may lead to denial of service.

For the stable distribution (sarge) these problems have been fixed in
version 0.84-2.sarge.15.

For the upcoming stable distribution (etch) these problems have been fixed
in version 0.88.7-2.

For the unstable distribution (sid) these problems have been fixed in
version 0.90-1.

We recommend that you upgrade your clamav packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15.dsc
      Size/MD5 checksum:      874 164ac3671dc1ede72f116703ff47f5c7
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15.diff.gz
      Size/MD5 checksum:   181092 4cb9909ef8d4d1da088a44a40a3d0a5d
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
      Size/MD5 checksum:  4006624 c43213da01d510faf117daa9a4d5326c

  Architecture independent components:

    http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.15_all.deb
      Size/MD5 checksum:   155290 d03243c2e40548b1ed8a7187dbbe05c0
    http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.15_all.deb
      Size/MD5 checksum:   690908 6a35ca9ba3a2cccafe60ee6ba15dff30
    http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.15_all.deb
      Size/MD5 checksum:   124274 50a76314d37beaa54c9939d01268a295

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_alpha.deb
      Size/MD5 checksum:    74852 2f8ba776b5b8ecabb5ced89124df8711
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_alpha.deb
      Size/MD5 checksum:    48910 3c1e853f2c6cd9e75c1f88f9e607196c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_alpha.deb
      Size/MD5 checksum:  2176498 f00a4e4a4724e7c278b356f74dcd6e9f
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_alpha.deb
      Size/MD5 checksum:    42160 1632e0df7ee729b9863ddd3deb70f57c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_alpha.deb
      Size/MD5 checksum:   256108 8cd276b750093c23907973a9d3e80031
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_alpha.deb
      Size/MD5 checksum:   286304 85f2cd7418bb2bae13615499b52211fe

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_amd64.deb
      Size/MD5 checksum:    69010 5c1285590a4068fe6253145862a4ade9
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_amd64.deb
      Size/MD5 checksum:    44278 5b7a1bc8cd6034bbc5ea6b4af21c5adc
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_amd64.deb
      Size/MD5 checksum:  2173282 eedaa60dcb78037af56c2868aaa70a8a
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_amd64.deb
      Size/MD5 checksum:    40038 92967a280f254f2254851bed6f1dfd0f
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_amd64.deb
      Size/MD5 checksum:   176818 c76d900e5c2b6add3da38f4ef84adc2b
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_amd64.deb
      Size/MD5 checksum:   260378 b6b0304db0b1ac7306b43d854eb8a4d5

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_arm.deb
      Size/MD5 checksum:    63970 a8146a69333876298408f196c7b6de18
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_arm.deb
      Size/MD5 checksum:    39636 f3768da7d1f98159134b0d5375585567
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_arm.deb
      Size/MD5 checksum:  2171278 b728182250c04bb804c25150a1c008bc
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_arm.deb
      Size/MD5 checksum:    37320 1dbc35eb0c07bb0b19f83f002346462c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_arm.deb
      Size/MD5 checksum:   175142 e1a4473d761f38ea9e22aeede630d8af
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_arm.deb
      Size/MD5 checksum:   250250 5be64956ab66d665a714dd889616d8a7

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_hppa.deb
      Size/MD5 checksum:    68470 75c8d1e6c3f6d20d8955178dc1f9a74d
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_hppa.deb
      Size/MD5 checksum:    43276 23d1c8cacac81c26942fb1fc91a57756
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_hppa.deb
      Size/MD5 checksum:  2173656 13c73779b34757f034a924aa72c589f3
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_hppa.deb
      Size/MD5 checksum:    39534 cc09b2a89978af3c674d3b908bac0ce6
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_hppa.deb
      Size/MD5 checksum:   202948 cd2bd9baaf5784217111a7527c085faa
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_hppa.deb
      Size/MD5 checksum:   283994 91570ebc055a4c6542369090b9c42833

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_i386.deb
      Size/MD5 checksum:    65324 27e131c923911d74c77b081081efd53b
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_i386.deb
      Size/MD5 checksum:    40372 302701e63dd3ed03f4d6df6be0ea9fda
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_i386.deb
      Size/MD5 checksum:  2171596 4df76765279396b0c35e5f08c45ed9ba
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_i386.deb
      Size/MD5 checksum:    38044 56981cfac9af7758ee3c9bfb900312e8
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_i386.deb
      Size/MD5 checksum:   159896 ae0b9dab053b2a5e14f795298b27a4dd
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_i386.deb
      Size/MD5 checksum:   255084 dce16317d32ee0c1fa89e7b881627ae3

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_ia64.deb
      Size/MD5 checksum:    81954 38e69159641cd1a96823bca6bd9dbe65
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_ia64.deb
      Size/MD5 checksum:    55336 5c9ed951a1c11eb69c99c4b896b79b8d
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_ia64.deb
      Size/MD5 checksum:  2180266 7d15c59e8b1c8514c654deab1902aed2
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_ia64.deb
      Size/MD5 checksum:    49252 9184c9e05f4bb5d42e8d837016065946
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_ia64.deb
      Size/MD5 checksum:   252442 936bbea0fb4950db7be9bb8a01164fc3
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_ia64.deb
      Size/MD5 checksum:   318470 07a022c3616a0a1b5ddc5f6acb132b50

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_m68k.deb
      Size/MD5 checksum:    62640 6315cbb887a6e57471451c8a4d930b51
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_m68k.deb
      Size/MD5 checksum:    38258 76d989cd3d071c5600d9239ec44d5e10
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_m68k.deb
      Size/MD5 checksum:  2170534 f35dcc6912fb0acd0b259acae8a9b9a2
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_m68k.deb
      Size/MD5 checksum:    35122 40b89cf394c25f79e17acc8dfb329b0d
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_m68k.deb
      Size/MD5 checksum:   146484 0098c6f52a629d5e1997ada7e752170e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_m68k.deb
      Size/MD5 checksum:   251086 888c34801a5588dbc49f66e2acf1216a

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_mips.deb
      Size/MD5 checksum:    68062 9d6a26efae1f42e04162a5423ac317fb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_mips.deb
      Size/MD5 checksum:    43874 f1cd8daafda6e91f288a8206d168f301
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_mips.deb
      Size/MD5 checksum:  2173058 6f5c70b355790ce6d4ff9c082e8506a3
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_mips.deb
      Size/MD5 checksum:    37682 a6706508bb4aaf8098968d60f8397be6
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_mips.deb
      Size/MD5 checksum:   195860 ea70cd36f235d4f2326307df22e06f69
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_mips.deb
      Size/MD5 checksum:   258188 9d874d790e66793797211be2a5a8ce86

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_mipsel.deb
      Size/MD5 checksum:    67650 9a9146d5667ccf4b111dd30d752f0a91
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_mipsel.deb
      Size/MD5 checksum:    43684 21fb06cf16611c12fdacdb8937ae92b1
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_mipsel.deb
      Size/MD5 checksum:  2173010 cc75d6c3f0f2fe5e597e79d547199a0f
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_mipsel.deb
      Size/MD5 checksum:    37996 3aeecfbf91fa68a8a2175ab5a1caa013
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_mipsel.deb
      Size/MD5 checksum:   192220 c612ee4b274d41ee7c7a2f7c06665958
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_mipsel.deb
      Size/MD5 checksum:   255722 66f071a933589d62c11c161a49015702

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_powerpc.deb
      Size/MD5 checksum:    69390 57c24e63fb8b9eee0ba65f82ebce29c5
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_powerpc.deb
      Size/MD5 checksum:    44732 b79f087c2d6b9a6a0443257dd664cd28
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_powerpc.deb
      Size/MD5 checksum:  2173690 c13fd5c3eb38db179db4db8a25017bd1
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_powerpc.deb
      Size/MD5 checksum:    38886 902c240c9ba87fb45d2018d6e7071b9e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_powerpc.deb
      Size/MD5 checksum:   187852 cbfcd17a7acf154d92f2324aa6cc9bc3
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_powerpc.deb
      Size/MD5 checksum:   265522 5803d3f1b222cfd28229a2e47076bcae

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_s390.deb
      Size/MD5 checksum:    67960 8abf60927cc67e39c30af5147038457f
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_s390.deb
      Size/MD5 checksum:    43632 2087d0ad268f72be98b9c711543b4e15
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_s390.deb
      Size/MD5 checksum:  2172968 1e93b48d8eabf027a2885c44eeb2f694
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_s390.deb
      Size/MD5 checksum:    38974 15884fe049d94ea78d1392025734f719
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_s390.deb
      Size/MD5 checksum:   182844 894b86b7256a132a8c4d7ddf9adc3a0e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_s390.deb
      Size/MD5 checksum:   270124 b804fa150e7e2c85e09ebb4fa5c15d8a

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_sparc.deb
      Size/MD5 checksum:    64742 57b8bb2c49e2eb5360b8f105ed4b9f91
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_sparc.deb
      Size/MD5 checksum:    39522 59eb16c39f5c0dd52919b5fa3b2096fb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_sparc.deb
      Size/MD5 checksum:  2171204 d66238ca67d4f22ff1145cf9ca393d9c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_sparc.deb
      Size/MD5 checksum:    36890 5ffe48cc0fdea294f6382f73a668fe30
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_sparc.deb
      Size/MD5 checksum:   176144 1110fde33987418132d3ee6df0990ac8
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_sparc.deb
      Size/MD5 checksum:   265558 a2096ed70b830e852a72099dc9962641


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF7ewBXm3vHE4uyloRAp+FAKDK2+l25JCKPiiY/BJc6LCarkFLbgCfck0k
Wr6nOPT+eQ6P3Z+mSFoLA/o=
=7tJE
-----END PGP SIGNATURE-----
