lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20081202222025.GH25309@outflux.net>
Date: Tue, 2 Dec 2008 14:20:25 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-684-1] ClamAV vulnerability

===========================================================
Ubuntu Security Notice USN-684-1          December 02, 2008
clamav vulnerability
https://bugs.launchpad.net/bugs/304017
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  libclamav5                      0.94.dfsg.2-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Ilja van Sprundel discovered that ClamAV did not handle recursive JPEG
information.  If a remote attacker sent a specially crafted JPEG file,
ClamAV would crash, leading to a denial of service.


Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1.diff.gz
      Size/MD5:   159258 35b619fff489b7fdbfacd86170572cfa
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1.dsc
      Size/MD5:     1545 d35181ceb4a8b93aa8ef3d80f424a52e
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2.orig.tar.gz
      Size/MD5: 22073819 7b45b0c54b887b23cb49e4bff807cf58

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-base_0.94.dfsg.2-1ubuntu0.1_all.deb
      Size/MD5: 19497162 d2d7052e4859a66f9556a33839be072b
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-docs_0.94.dfsg.2-1ubuntu0.1_all.deb
      Size/MD5:  1077346 0c0e57cf0a6d5004611621c81d158b3e
    http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-testfiles_0.94.dfsg.2-1ubuntu0.1_all.deb
      Size/MD5:   208058 8dd86c35b97cfa0c111ec6a99f90d7b4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   239628 465bacd5ebfec386196f83b90c59b1d5
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   914866 309f142bd797da5b06bae9f3273c729a
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   255448 b28942a9a6ecd5b09eea78f22f56658c
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   235612 d7fc1fbc5112f2b8b4bb81f26f8495bd
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   573860 1a499485cdee3a5ed728fdb115d4708e
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   538626 f1ec69b8d9bc15cf1b6ab9b483b37568
    http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_amd64.deb
      Size/MD5:   232722 4abb421ae13f2c04ccf7e975d68344f1

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   233172 1e14e971a76712c4a38d3250e3f84a4f
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   849368 dc7e8747a2f1b40db10fd3dfa80d6d8f
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   253682 2dfbb18dbe45b97fe537e440c86079f0
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   232686 f5fc69f35bb5206e6f3f1802eab27b87
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   541856 cc9e3b0f262968372c5cdf8b62606280
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   524410 2d1f9e712a3ef57c99434469a584f38d
    http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_i386.deb
      Size/MD5:   229260 280079fa42c8ff6a18a8fd1406956f3c

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   232694 509ca94dd8ba239e70df349015eab8b6
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   866262 636afb92077246666719c22544dda5bd
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   253738 0581fb06ce78fd9a2d1e2d81cfa95e87
    http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   232232 7e301b68901a3435da4768b2845bf61d
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   543754 bd8453f227ae9bebcec4fb41b9e9d427
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   527060 b903aa2ec89a2b3c327e170f3b23e021
    http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_lpia.deb
      Size/MD5:   229286 d2af0a51fa4beb6eb3045f2dfa3abe9e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   242896 a8a6f8ef5d43b0856cb250879b6d741d
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   903632 275eb13f4b9caa6ab4089aa0d8e97b24
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   258198 2109d15b9bcb4cedeb380ac295c26364
    http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   240246 c373dfb0ec6bd9539575aad28310a5ae
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   613886 8a59e0abf3597d1c13ffa47ee0700b48
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   554872 992aa23fb6ed82684c8325743e366947
    http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   232832 36d93e39e3f1f74dde643bc78e38c4a7

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   232694 22f99a7b96cf3ab8749316cb3256b168
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   836388 a2eb3d95d9a6254db4d7375844f18f57
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   252954 b21baca5066e5e27a8b8154cc17b9d2c
    http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   233100 3c0b967b8a11e701698a1099a171ee82
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   577734 05eb85bfb1a2ac3b223eba160167c7e2
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   543454 09533df800dafec77af220c81897cb0e
    http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_sparc.deb
      Size/MD5:   230206 5abbd9810492e866183bb1033a284b18


Download attachment "signature.asc" of type "application/pgp-signature" (236 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ