[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20101210014315.GE2776@nxnw.org>
Date: Thu, 9 Dec 2010 17:43:15 -0800
From: Steve Beattie <sbeattie@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-1031-1] ClamAV vulnerabilities
===========================================================
Ubuntu Security Notice USN-1031-1 December 10, 2010
clamav vulnerabilities
CVE-2010-4260, CVE-2010-4261, CVE-2010-4479
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
libclamav6 0.96.3+dfsg-2ubuntu1.0.10.04.2
Ubuntu 10.10:
libclamav6 0.96.3+dfsg-2ubuntu1.2
In general, a standard system update will make all the necessary changes.
Details follow:
Arkadiusz Miskiewicz and others discovered that the PDF processing
code in libclamav improperly validated input. This could allow a
remote attacker to craft a PDF document that could crash clamav or
possibly execute arbitrary code. (CVE-2010-4260, CVE-2010-4479)
It was discovered that an off-by-one error in the icon_cb function
in pe_icons.c in libclamav could allow an attacker to corrupt
memory, causing clamav to crash or possibly execute arbitrary code.
(CVE-2010-4261)
In the default installation, attackers would be isolated by the
clamav AppArmor profile.
Updated packages for Ubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2.diff.gz
Size/MD5: 284066 72a7c4ff80f395c5dc8e4e7acd6fcd39
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2.dsc
Size/MD5: 2323 d1d47147356bfaf610c993b8a9ed0530
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg.orig.tar.gz
Size/MD5: 40572329 730c1af9badcee2bce4bbaf1cf8ea20a
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-base_0.96.3+dfsg-2ubuntu1.0.10.04.2_all.deb
Size/MD5: 297088 745b7132479daa4dbdc5ca6cc023e0b2
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-docs_0.96.3+dfsg-2ubuntu1.0.10.04.2_all.deb
Size/MD5: 1295426 b03dae836f5cdf461c3a5f6a98a7363f
http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-testfiles_0.96.3+dfsg-2ubuntu1.0.10.04.2_all.deb
Size/MD5: 5257088 aa5604ebd0f1e4646ce5d9e056513d11
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
Size/MD5: 424096 28c2f45042aafbf487e59ce679327bb3
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
Size/MD5: 22343058 abe9dff9f24f9f9b6b9f9faf5be2936b
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
Size/MD5: 313300 e88ecbee6c0f900b5854b2c1ca9b0771
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
Size/MD5: 335490 6d0081c84e0f46ee73bbf452309c03a3
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
Size/MD5: 217914 11b54c1f926069a93149ce28b7cf5325
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
Size/MD5: 3898290 0bd7e669232378b4b83a8bfdd0c8d716
http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
Size/MD5: 345108 843a766d2909777cc88ccbf03468a6fa
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
Size/MD5: 410854 416f5d73612e5d37fbb904bb80dffb49
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
Size/MD5: 22043342 aa53f5f25b3a28b22315e17544bd7a6d
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
Size/MD5: 308344 d090653db3483820420e465513b7d858
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
Size/MD5: 327348 4cdcc06e3cfb9c241c7d6f560963116b
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
Size/MD5: 218084 752cc79037d5f08df096c528bc7eb8b6
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
Size/MD5: 3751526 c6dc2280d050c37f1f82ce62ba612cac
http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
Size/MD5: 338432 7156843fc6e5b7087d1fba58177ee81f
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
Size/MD5: 406882 b19ca9fc2963a4fe76940587ca7f8442
http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
Size/MD5: 1495938 235245876f8a1fd659ad3696e0b8cff0
http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
Size/MD5: 309068 4901391a555ca3b99facd67598e3ef63
http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
Size/MD5: 325884 8a8c68c7bef2a417c05140649aabb9e7
http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
Size/MD5: 217988 af08d9ccb28d785bd3067cee79f2d342
http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
Size/MD5: 692904 0a11d55c4b11b7c4b6fde5b7ae283f96
http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
Size/MD5: 338696 3956ef9d6b6a60777ac474f39594f5b7
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
Size/MD5: 424978 52b56412f9313f830a49e6730f7bb4f1
http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
Size/MD5: 21946304 dadb3d6e3edd3d878c23043e0b3584d8
http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
Size/MD5: 312588 525bf79e6f80fa681de6e53a177fe4c8
http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
Size/MD5: 332978 b5e3e48ab070066931c15f0f9843b71c
http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
Size/MD5: 217914 7dd955a186cb8879aa479dd624b9f83a
http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
Size/MD5: 3694500 19f57c2f9c3330de8403f95ed26bd89a
http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
Size/MD5: 346032 4dcf3621752746f0683e88cfae681f98
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
Size/MD5: 417504 47562db771ffce66d1e33b023815529b
http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
Size/MD5: 1521812 7e2834b60264a9944b54182dd66d2644
http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
Size/MD5: 310268 09362fd78f8dd8aa40bf8d638f7e953c
http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
Size/MD5: 330544 243c260c46b4786b22a831feca6c22a6
http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
Size/MD5: 217912 140f98988be6715168cf7f5422ab6f76
http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
Size/MD5: 772802 dd43c6b2029227a726eb3f5ab90e944a
http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
Size/MD5: 343194 6e4b332cb4162cd29895a4b5171d2abd
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.2.diff.gz
Size/MD5: 291139 9ce8ad8427f113d6e329a3c3812d68c0
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.2.dsc
Size/MD5: 2291 337c8ca91f8956bb01144d4bf3f13609
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg.orig.tar.gz
Size/MD5: 40572329 730c1af9badcee2bce4bbaf1cf8ea20a
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-base_0.96.3+dfsg-2ubuntu1.2_all.deb
Size/MD5: 299354 0702fd8ea1c31955e8fc797ae87c46b2
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-docs_0.96.3+dfsg-2ubuntu1.2_all.deb
Size/MD5: 1288682 882a0315fe510542baab00e77d557a78
http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-testfiles_0.96.3+dfsg-2ubuntu1.2_all.deb
Size/MD5: 5257128 6e78e746dcee221c2e95bc4dfa05f362
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.2_amd64.deb
Size/MD5: 423112 f64bda3984cd1f8b760f5da57d3bca92
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.2_amd64.deb
Size/MD5: 22417984 963e7c2edb60496ca072725e539e5b41
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.2_amd64.deb
Size/MD5: 311226 0a361a85a35b6650d00fbe84c5a7580a
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.2_amd64.deb
Size/MD5: 334098 32f9b98511150530ad007a7c93c40386
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.2_amd64.deb
Size/MD5: 217926 e1c3ab677049300717250e3908666cd1
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.2_amd64.deb
Size/MD5: 3922972 35138e4e10a58348be364e5b19ea5df9
http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.2_amd64.deb
Size/MD5: 342886 de12b75256683c846f2919c696c71887
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.2_i386.deb
Size/MD5: 410320 a7060679083c339a102a767ed2a3d9f7
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.2_i386.deb
Size/MD5: 21960252 d96e86f0a3d8cddd55cfc3bea3ef3daf
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.2_i386.deb
Size/MD5: 310040 a482134aedc49b9a7eff0186fb6035cd
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.2_i386.deb
Size/MD5: 327554 f969082370c05ca79fcaf44062adebee
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.2_i386.deb
Size/MD5: 217872 8f719985193939a25b03473bfbbcb952
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.2_i386.deb
Size/MD5: 3725056 58b1925563125ea7eddb29731d27374a
http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.2_i386.deb
Size/MD5: 340596 10c0a5c04be3d339c5301df687cb7487
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.2_armel.deb
Size/MD5: 416402 e22a834a33f2d363598865896256c192
http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.2_armel.deb
Size/MD5: 1530710 01fd1a616c74c7612913b3cc8a875395
http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.2_armel.deb
Size/MD5: 308092 4a743b08c9a1c8ad4ec79a6455334486
http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.2_armel.deb
Size/MD5: 328372 0ca2551f95b67a8af4c285e36b1efc50
http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.2_armel.deb
Size/MD5: 217954 db4b7c26334bc6f9a48af201f3c8ce53
http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.2_armel.deb
Size/MD5: 762684 87f79650eea51f5bca7953b4108f44c7
http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.2_armel.deb
Size/MD5: 341370 f941f44011e8220f1a1369e575ca8511
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
Size/MD5: 423734 a3cba413ddba7c8c869ef1052695d72f
http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
Size/MD5: 21943056 c945d37dfdc2f90cfdd3afa9e13770ff
http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
Size/MD5: 312116 f75d13c70a666b6c50c94f11d8fc5fc7
http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
Size/MD5: 332152 9875d25fd10e30aa1caa97274fc6490c
http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
Size/MD5: 217878 dd01a33de40da567649a02f9bee20135
http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
Size/MD5: 3689510 ff8cd6d3eb28b66036db5ada5629cd7e
http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
Size/MD5: 345698 af4e9a8d36665dce94083e6c499ffdb3
Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists