[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

unsuscribe



Martin Schulze wrote:
> --------------------------------------------------------------------------
> Debian Security Advisory DSA 887-1                     security@debian.org
> http://www.debian.org/security/                             Martin Schulze
> November 7th, 2005                      http://www.debian.org/security/faq
> --------------------------------------------------------------------------
>
> Package        : clamav
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE IDs        : CVE-2005-3239 CVE-2005-3303 CVE-2005-3500 CVE-2005-3501
>
> Several vulnerabilities have been discovered in Clam AntiVirus, the
> antivirus scanner for Unix, designed for integration with mail servers
> to perform attachment scanning.  The Common Vulnerabilities and
> Exposures project identifies the following problems:
>
> CVE-2005-3239
>
>     The OLE2 unpacker allows remote attackers to cause a segmentation
>     fault via a DOC file with an invalid property tree, which triggers
>     an infinite recursion.
>
> CVE-2005-3303
>
>     A specially crafted executable compressed with FSG 1.33 could
>     cause the extractor to write beyond buffer boundaries, allowing an
>     attacker to execute arbitrary code.
>
> CVE-2005-3500
>
>     A specially crafted CAB file could cause ClamAV to be locked in an
>     infinite loop and use all available processor resources, resulting
>     in a denial of service.
>
> CVE-2005-3501
>
>     A specially crafted CAB file could cause ClamAV to be locked in an
>     infinite loop and use all available processor resources, resulting
>     in a denial of service.
>
> The old stable distribution (woody) does not contain clamav packages.
>
> For the stable distribution (sarge) these problems have been fixed in
> version 0.84-2.sarge.6.
>
> For the unstable distribution (sid) these problems have been fixed in
> version 0.87.1-1.
>
> We recommend that you upgrade your clamav packages.
>
>
> Upgrade Instructions
> --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 3.1 alias sarge
> --------------------------------
>
>   Source archives:
>
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6.dsc
>       Size/MD5 checksum:      872 dbecf7f7f16f69bdbad77a24106f7779
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6.diff.gz
>       Size/MD5 checksum:   177500 64ba2a8ad84cc961a564eaac4d65a642
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
>       Size/MD5 checksum:  4006624 c43213da01d510faf117daa9a4d5326c
>
>   Architecture independent components:
>
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.6_all.deb
>       Size/MD5 checksum:   154598 3a979fedbb1102fbe4c710621513ec4f
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.6_all.deb
>       Size/MD5 checksum:   690218 4143f2f7719c3a359e9c2c7079a9674f
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.6_all.deb
>       Size/MD5 checksum:   123568 2ac5e526c3063a704f68233a56b1d9a3
>
>   Alpha architecture:
>
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_alpha.deb
>       Size/MD5 checksum:    74682 a8a3aa80c3030c5541d5444f7dfb5e39
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_alpha.deb
>       Size/MD5 checksum:    48774 64a2bfb8d0578085b4e64853a2c4686f
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_alpha.deb
>       Size/MD5 checksum:  2176366 88cce725133f000ca90f2db1cf05561f
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_alpha.deb
>       Size/MD5 checksum:    42114 b8c7c0ca88544cdaaba1b8a397cd8d83
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_alpha.deb
>       Size/MD5 checksum:   255164 b245e6b7b72e215738a9ebabd5bf81f2
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_alpha.deb
>       Size/MD5 checksum:   284690 377a0ba8c870ab5bfab6fe41cf8fb123
>
>   AMD64 architecture:
>
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_amd64.deb
>       Size/MD5 checksum:    68874 f5d18144c18d86fbf2151d365e55da1c
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_amd64.deb
>       Size/MD5 checksum:    44190 58d96c1544570a9e54be0d24a66f8aa5
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_amd64.deb
>       Size/MD5 checksum:  2173202 5d0ed5492f4e7545d7dcb1a78bcfbfa1
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_amd64.deb
>       Size/MD5 checksum:    39986 356fffda8f5fd222e511a38f2ac41a9b
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_amd64.deb
>       Size/MD5 checksum:   175858 10a6af108612a49dd2017bd1cc1f4f6b
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_amd64.deb
>       Size/MD5 checksum:   258818 acef782c52d15b33be57f7d8fed22cdf
>
>   ARM architecture:
>
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_arm.deb
>       Size/MD5 checksum:    63840 35a9525030ef7d747905c6d4e81b0173
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_arm.deb
>       Size/MD5 checksum:    39518 a78e7ed137fe14172a1f6c6c3cf25d4e
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_arm.deb
>       Size/MD5 checksum:  2171210 d76f65b800ecedf17ba487f89b358453
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_arm.deb
>       Size/MD5 checksum:    37304 118c5156e7b6bce4c52d764ac1a4fd25
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_arm.deb
>       Size/MD5 checksum:   174032 0e29d572a3e3ecc5969d87ed156782bd
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_arm.deb
>       Size/MD5 checksum:   248932 0c7f9cb5b78c4b64786b12dfb6d67e33
>
>   Intel IA-32 architecture:
>
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_i386.deb
>       Size/MD5 checksum:    65156 39cdd2f9a41dea19683d5b18ea13b052
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_i386.deb
>       Size/MD5 checksum:    40212 768cff8dc82ac48caa234fefa17810fb
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_i386.deb
>       Size/MD5 checksum:  2171510 1bb8efa16e2da68a69feaf005da43daf
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_i386.deb
>       Size/MD5 checksum:    38024 63dfe7c832a43b5cb4c95a5d3c15b296
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_i386.deb
>       Size/MD5 checksum:   158950 084d2af0dd69a20c9d822b7495bb1c48
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_i386.deb
>       Size/MD5 checksum:   253384 9b340ea98aa2b5fe63d854d421a8d547
>
>   Intel IA-64 architecture:
>
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_ia64.deb
>       Size/MD5 checksum:    81708 e98c7c19177bd2338e9f8345a67943d9
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_ia64.deb
>       Size/MD5 checksum:    55092 4b67143870b597da701652a16a891bdd
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_ia64.deb
>       Size/MD5 checksum:  2180086 bd0fb7f407ffdb505fe5c8fdc71788f6
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_ia64.deb
>       Size/MD5 checksum:    49194 25f2909f8d4dda708b16aae5a43fc07b
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_ia64.deb
>       Size/MD5 checksum:   251078 67d6352d8d21572a95699e1968cca1f1
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_ia64.deb
>       Size/MD5 checksum:   316668 a2752630e4ea263c7e0e2b000d6c07ad
>
>   HP Precision architecture:
>
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_hppa.deb
>       Size/MD5 checksum:    68172 0e153f8fcadd9dce7e179fe303368428
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_hppa.deb
>       Size/MD5 checksum:    43238 99751465b47eff1e2056d63b7d6b7adc
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_hppa.deb
>       Size/MD5 checksum:  2173618 4dc8f0a603d02ba9551da4e3e5da8b53
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_hppa.deb
>       Size/MD5 checksum:    39450 7c7b9399856f59dd797ea5d72dc581a7
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_hppa.deb
>       Size/MD5 checksum:   201894 1ddec9057be15b5478c3141128dc710f
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_hppa.deb
>       Size/MD5 checksum:   282564 5b9fe2004960c51d85d4a5fc1c95076d
>
>   Motorola 680x0 architecture:
>
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_m68k.deb
>       Size/MD5 checksum:    62458 d60ff7b83bd40ffa90777eb9f8dc5804
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_m68k.deb
>       Size/MD5 checksum:    38092 359f1de5b5683ca493313083c213b5ba
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_m68k.deb
>       Size/MD5 checksum:  2170446 efeb66c6c3196a646c1d9730c700e8b3
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_m68k.deb
>       Size/MD5 checksum:    35074 5e0c25c92fe49c3b763ac4e29afa2d05
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_m68k.deb
>       Size/MD5 checksum:   145850 c2b3fe912909a70dd0f34fc97dfd8859
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_m68k.deb
>       Size/MD5 checksum:   249624 65e0f477086902569fba919f93e60ac2
>
>   Big endian MIPS architecture:
>
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_mips.deb
>       Size/MD5 checksum:    67854 2fbfee6855dfcf176d2c597e28d192f3
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_mips.deb
>       Size/MD5 checksum:    43674 a2d1fefc687031fddb3ef316f0ef5e6f
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_mips.deb
>       Size/MD5 checksum:  2172976 e98effb47219f1ef0e9c93ecb264ff6e
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_mips.deb
>       Size/MD5 checksum:    37666 13e039151e67b7a426d0c408f488765b
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_mips.deb
>       Size/MD5 checksum:   194868 718cb7205eb187dd5c1094486c4f6944
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_mips.deb
>       Size/MD5 checksum:   256726 9df477f6f225912ab79b60b904a2c969
>
>   Little endian MIPS architecture:
>
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_mipsel.deb
>       Size/MD5 checksum:    67486 50ecc3a0b4a9615e12b2d0970a7d4bf2
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_mipsel.deb
>       Size/MD5 checksum:    43500 03d76b290417cf2485da3c05335c0f23
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_mipsel.deb
>       Size/MD5 checksum:  2172918 1fb7cc15ff3148cfaa9b5f6a31c4da0e
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_mipsel.deb
>       Size/MD5 checksum:    37954 fd7aeaf932e955edcc5458c8d4ce1ced
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_mipsel.deb
>       Size/MD5 checksum:   191144 935057c7cf3a879179b009833cf9d256
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_mipsel.deb
>       Size/MD5 checksum:   254270 806fdfdf35fb3ad77c2212c93f244502
>
>   PowerPC architecture:
>
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_powerpc.deb
>       Size/MD5 checksum:    69246 3bd6270011341bb71acab16c564c7510
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_powerpc.deb
>       Size/MD5 checksum:    44606 9a95ee4c1f44e3cf6e01f51b45c13ef9
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_powerpc.deb
>       Size/MD5 checksum:  2173582 c1fbeccbf7d5b9edb5fefef2c9b56d07
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_powerpc.deb
>       Size/MD5 checksum:    38896 f5182a4b59a71aef47798511a7c6207e
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_powerpc.deb
>       Size/MD5 checksum:   187062 dd3887d23e68b5ea9c07c461fbad25d8
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_powerpc.deb
>       Size/MD5 checksum:   263932 de1915d7be9617f31865ea365d4b4fb3
>
>   IBM S/390 architecture:
>
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_s390.deb
>       Size/MD5 checksum:    67788 62ebbbd7ee24ed35453302724519a643
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_s390.deb
>       Size/MD5 checksum:    43430 cece7b99db1d38b7148546af3def9cb4
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_s390.deb
>       Size/MD5 checksum:  2172866 48faee149dbaae1a1d85a661a825492e
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_s390.deb
>       Size/MD5 checksum:    38938 485d907f498854e3bd85534196dc1b8f
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_s390.deb
>       Size/MD5 checksum:   182184 744d54adafa399cd199603e744adda9f
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_s390.deb
>       Size/MD5 checksum:   268750 92ba1e3b3bb26cfb7dbf1dd5b05af81a
>
>   Sun Sparc architecture:
>
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_sparc.deb
>       Size/MD5 checksum:    64326 0e18c3ec2b79c481b7022291db62e783
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_sparc.deb
>       Size/MD5 checksum:    39390 35c05a770994ead441702f284c3c49f4
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_sparc.deb
>       Size/MD5 checksum:  2171066 0b5d93a20422101929c1f8cccbd796b9
>    
> http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_sparc.deb
>       Size/MD5 checksum:    36848 9f8b1bdd483acbd1c6f4b501f318854b
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_sparc.deb
>       Size/MD5 checksum:   175268 8fa22ccba8fc0c515867aa77ec0d88ce
>    
> http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_sparc.deb
>       Size/MD5 checksum:   264088 901bf68a7cf92b942844c4174c06971c
>
>
>   These files will probably be moved into the stable distribution on
>   its next update.
>
> ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security
> dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
>



	
	
		
______________________________________________ 
Renovamos el Correo Yahoo! 
Nuevos servicios, más seguridad 
http://correo.yahoo.es



Reply to: