[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 1050-1] New ClamAV packages fix denial of service or arbitrary code execution

I've updated clamav on server2 and updated tripwire

Stay safe

Joel

Martin Schulze wrote:
> --------------------------------------------------------------------------
> Debian Security Advisory DSA 1050-1                    security@debian.org
> http://www.debian.org/security/                             Martin Schulze
> May 2nd, 2006                           http://www.debian.org/security/faq
> --------------------------------------------------------------------------
> 
> Package        : clamav
> Vulnerability  : buffer overflow
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2006-1989
> BugTraq ID     : 17754
> 
> Ulf Härnhammar and an anonymous researcher from Germany discovered a
> vulnerability in the protocol code of freshclam, a command line
> utility responsible for downloading and installing virus signature
> updates for ClamAV, the antivirus scanner for Unix.  This could lead
> to a denial of service or potentially the execution of arbitrary code.
> 
> The old stable distribution (woody) does not contain clamav packages.
> 
> For the stable distribution (sarge) this problem has been fixed in
> version 0.84-2.sarge.9.
> 
> For the unstable distribution (sid) this problem has been fixed in
> version 0.88.2-1.
> 
> We recommend that you upgrade your clamav packages.
> 
> 
> Upgrade Instructions
> --------------------
> 
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
> 
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
> 
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
> 
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
> 
> 
> Debian GNU/Linux 3.1 alias sarge
> --------------------------------
> 
>   Source archives:
> 
>     http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9.dsc
>       Size/MD5 checksum:      876 943e000ec0e1286a3dbdf29df42d2079
>     http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9.diff.gz
>       Size/MD5 checksum:   176085 5e83632aca0a41e5e9e666d7dc9bddb1
>     http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
>       Size/MD5 checksum:  4006624 c43213da01d510faf117daa9a4d5326c
> 
>   Architecture independent components:
> 
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.9_all.deb
>       Size/MD5 checksum:   154874 583075812746d50b00cf393f91cf6268
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.9_all.deb
>       Size/MD5 checksum:   690472 154f6c262b9525573acbc7d63c0fc58a
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.9_all.deb
>       Size/MD5 checksum:   123852 431264c393cbf721d11a4c17b465984c
> 
>   Alpha architecture:
> 
>     http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_alpha.deb
>       Size/MD5 checksum:    74762 c0841b5ad9c30a0e1ab5bc852a5b4df5
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_alpha.deb
>       Size/MD5 checksum:    48832 ca0177b0ad40dab6ebd5e2482dccff0c
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_alpha.deb
>       Size/MD5 checksum:  2176472 9c55170dba238d910e2a76a9b9a0f90e
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_alpha.deb
>       Size/MD5 checksum:    42110 91038c466a5d7da73ec408edf1d79079
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_alpha.deb
>       Size/MD5 checksum:   255658 4018f5b3119dbe0a046bd3ef0eea7f5d
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_alpha.deb
>       Size/MD5 checksum:   285526 dc76ca7e4f9334b55b8552e6de6144a7
> 
>   AMD64 architecture:
> 
>     http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_amd64.deb
>       Size/MD5 checksum:    68840 f129489350c5dd3b700f10eae2e41e74
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_amd64.deb
>       Size/MD5 checksum:    44172 dfab3e90cb2948c876a66f34688a8e54
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_amd64.deb
>       Size/MD5 checksum:  2173250 bc5b91cd655eea9f62d9c997a4f33d0e
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_amd64.deb
>       Size/MD5 checksum:    40002 003163f47600d0992a6c6d445919e2a5
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_amd64.deb
>       Size/MD5 checksum:   176418 530c4ae72744122635ca79305d7624c8
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_amd64.deb
>       Size/MD5 checksum:   259640 252a1582028a3a931d7535bcd6c08a93
> 
>   ARM architecture:
> 
>     http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_arm.deb
>       Size/MD5 checksum:    63908 daadbd0ec8dd6bbbe0efb7dea8c7c862
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_arm.deb
>       Size/MD5 checksum:    39588 033e2e0cfcc9bff7560beb8a98c6d07b
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_arm.deb
>       Size/MD5 checksum:  2171286 19e45af806dc2d39dbf2facc99e71414
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_arm.deb
>       Size/MD5 checksum:    37304 8918504ae9fe175df5e403248df27184
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_arm.deb
>       Size/MD5 checksum:   174796 ecb5d13c843235495b25cfb422dcdd1e
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_arm.deb
>       Size/MD5 checksum:   249614 68a25e96c65651a742a3cdea82b6e4dc
> 
>   Intel IA-32 architecture:
> 
>     http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_i386.deb
>       Size/MD5 checksum:    65208 499c59767ffef73b2e466d0ad355acd9
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_i386.deb
>       Size/MD5 checksum:    40312 5c1197cfd1d386259090acd018a09d1d
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_i386.deb
>       Size/MD5 checksum:  2171586 18efe0dffbe399b65f6109cf64fb4ebc
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_i386.deb
>       Size/MD5 checksum:    38026 e2ea6a0007d4cb3eb89a677ced6237d0
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_i386.deb
>       Size/MD5 checksum:   159514 07dc6d59c3ca44802a884ba57295f25c
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_i386.deb
>       Size/MD5 checksum:   254212 8f0ac53bb73ab04cace56dacbd1f7385
> 
>   Intel IA-64 architecture:
> 
>     http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_ia64.deb
>       Size/MD5 checksum:    81806 2f5e60307573c83948b364aba0b902d7
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_ia64.deb
>       Size/MD5 checksum:    55248 b0836a06803e2817c62a2fb0e44bbdf2
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_ia64.deb
>       Size/MD5 checksum:  2180260 67d516ba4de63b2df9a2f22ea09977cc
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_ia64.deb
>       Size/MD5 checksum:    49196 eef0faa8458ad343723b2ad5ab20b85d
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_ia64.deb
>       Size/MD5 checksum:   252022 44ae4643b97df4c60fc9344e978ed301
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_ia64.deb
>       Size/MD5 checksum:   317594 792d635c17661ff30a98002bcbf28c20
> 
>   HP Precision architecture:
> 
>     http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_hppa.deb
>       Size/MD5 checksum:    68278 e6ae93d179cf42dff2e3e21f73b791d8
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_hppa.deb
>       Size/MD5 checksum:    43294 aca3a82514944bd64fe592f4c82fd3ee
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_hppa.deb
>       Size/MD5 checksum:  2173750 e75c6299f3bcebf2fde0152a97964fd5
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_hppa.deb
>       Size/MD5 checksum:    39444 1bcd721e1d64f1dd87d210e67dd03c8a
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_hppa.deb
>       Size/MD5 checksum:   202610 6de992b66d479fc91ab9c7f2ce241fe8
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_hppa.deb
>       Size/MD5 checksum:   283332 b53830c42ec5c4b4cc2f75804ee33165
> 
>   Motorola 680x0 architecture:
> 
>     http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_m68k.deb
>       Size/MD5 checksum:    62522 b64d3b425ff4a76e45a1ad3fda52ac93
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_m68k.deb
>       Size/MD5 checksum:    38206 14a9a4a27a4b09153cce7adf167e3832
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_m68k.deb
>       Size/MD5 checksum:  2170544 eda974d6e3d676f4eaffb82a73548b89
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_m68k.deb
>       Size/MD5 checksum:    35058 04b9394b533707237f58a402339cd84f
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_m68k.deb
>       Size/MD5 checksum:   146258 5ea523a7dbf19ff9d9d01b4ad8f31f39
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_m68k.deb
>       Size/MD5 checksum:   250356 1954573109230d4898760c36a3c87ba4
> 
>   Big endian MIPS architecture:
> 
>     http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_mips.deb
>       Size/MD5 checksum:    67950 27a6b985d95bb70281ad7cd842770170
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_mips.deb
>       Size/MD5 checksum:    43798 c802171f2f84f4f14ef1a720ecbb8aa7
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_mips.deb
>       Size/MD5 checksum:  2173032 7aa9e633b0962f5ab86ee11fb7c3974a
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_mips.deb
>       Size/MD5 checksum:    37668 dec8e08fd9996962a93a1c3d752be4f0
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_mips.deb
>       Size/MD5 checksum:   195430 3e94e63724ef9c2dd11a59648f4b5c97
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_mips.deb
>       Size/MD5 checksum:   257462 ef59f02caa5d95c70b85022ea788bfa3
> 
>   Little endian MIPS architecture:
> 
>     http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_mipsel.deb
>       Size/MD5 checksum:    67556 a8f18eb0565bba5c75370ff92ac78f38
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_mipsel.deb
>       Size/MD5 checksum:    43580 59d814309d704ff91e9e07d492cc7167
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_mipsel.deb
>       Size/MD5 checksum:  2172984 cb6babbbb93113c91190757557209803
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_mipsel.deb
>       Size/MD5 checksum:    37966 e87c71e23e8ccd7c1250c2338dafc9ea
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_mipsel.deb
>       Size/MD5 checksum:   191864 cdaf87930502971bfb89860cdef54ac1
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_mipsel.deb
>       Size/MD5 checksum:   255070 50e2c374bd3bcb15ff980e1fb3251f7b
> 
>   PowerPC architecture:
> 
>     http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_powerpc.deb
>       Size/MD5 checksum:    69284 4257688fc42e09118821e8958f0a6ee7
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_powerpc.deb
>       Size/MD5 checksum:    44694 f3ad6da5431802cc4d397bec741eca81
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_powerpc.deb
>       Size/MD5 checksum:  2173702 9b536d611b6ce4e48da03459c5071e84
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_powerpc.deb
>       Size/MD5 checksum:    38886 ff6033af2c67302deb234a7f120cf779
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_powerpc.deb
>       Size/MD5 checksum:   187680 227518152740d2518c5ec92105d85179
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_powerpc.deb
>       Size/MD5 checksum:   264838 7f4c6eed60bdc21edd28b60fdfe4c710
> 
>   IBM S/390 architecture:
> 
>     http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_s390.deb
>       Size/MD5 checksum:    67906 8c6217c5131838abbfd7ce298556c8b1
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_s390.deb
>       Size/MD5 checksum:    43564 d6af81d53141d8efddb3878d70a0e624
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_s390.deb
>       Size/MD5 checksum:  2172976 993af7eba4a41c2510f5280f37d7e048
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_s390.deb
>       Size/MD5 checksum:    38942 50b2b6c19597e479e1f398439018ce9c
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_s390.deb
>       Size/MD5 checksum:   182606 3821257f0925fe2be95a355d3d018d88
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_s390.deb
>       Size/MD5 checksum:   269406 9fe3e9dd8e7564db863a452b2ff9ffae
> 
>   Sun Sparc architecture:
> 
>     http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_sparc.deb
>       Size/MD5 checksum:    64424 df6e026c7266999f8747bc82706deb8f
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_sparc.deb
>       Size/MD5 checksum:    39456 a426823f333ab28e49b16934f19dc346
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_sparc.deb
>       Size/MD5 checksum:  2171178 ea328218eaa01a6ed32c2dcaff418844
>     http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_sparc.deb
>       Size/MD5 checksum:    36844 c92fc7b0b4249d6dcd3058482a0936c3
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_sparc.deb
>       Size/MD5 checksum:   175782 45be5bb635f8fe1244045c429dae943f
>     http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_sparc.deb
>       Size/MD5 checksum:   264704 dfcbfa29904f0db5848da5de1885d1ea
> 
> 
>   These files will probably be moved into the stable distribution on
>   its next update.
> 
> ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
> 

-- 
Joel Heenan
Sensory Networks
Ph: +61 2 8302 2744 Fax: +61 2 9475 0316

begin:vcard
fn:Joel Heenan
n:Heenan;Joel
org:Sensory Networks
adr:East Sydney NSW 2011;;Level 6, 140 William Street;Sydney;NSW;2011;Australia
email;internet:joel.heenan@sensorynetworks.com
title:Systems Administrator
tel;work:+61 02 8302 2744
tel;fax:+61 02 9475 0316
x-mozilla-html:FALSE
url:http://www.sensorynetworks.com
version:2.1
end:vcard
Reply to: