DSA 1024-1: New clamav packages fix several vulnerabilities
Posted on: 04/05/2006 09:22 PM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1024-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
April 5th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : clamav
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-1614 CVE-2006-1615 CVE-2006-1630

Several remote vulnerabilities have been discovered in the ClamAV
anti-virus toolkit, which may lead to denial of service and potentially
to the execution of arbitrary code. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2006-1614

Damian Put discovered an integer overflow in the PE header parser.
This is only exploitable if the ArchiveMaxFileSize option is disabled.

CVE-2006-1615

Format string vulnerabilities in the logging code have been discovered,
which might lead to the execution of arbitrary code.

CVE-2006-1630

David Luyer discovered, that ClamAV can be tricked into an invalid
memory access in the cli_bitset_set() function, which may lead to
a denial of service.

The old stable distribution (woody) doesn't contain clamav packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.84-2.sarge.8.

For the unstable distribution (sid) these problems have been fixed in
version 0.88.1-1.

We recommend that you upgrade your clamav package.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8.dsc
Size/MD5 checksum: 872 ab3b8945329f3ead12e0bc4665a7b1c8
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8.diff.gz
Size/MD5 checksum: 175767 1c70e8d67a61d49a51ffd11e2574323b
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
Size/MD5 checksum: 4006624 c43213da01d510faf117daa9a4d5326c

Architecture independent components:

http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.8_all.deb
Size/MD5 checksum: 154760 d5856a0d9cc9d79842e840417e6eddea
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.8_all.deb
Size/MD5 checksum: 694302 0c2adbade7ac8834f17cd93b2bb2d04a
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.8_all.deb
Size/MD5 checksum: 123772 bb7b5e11599fbc3626561334a4cc3b41

Alpha architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_alpha.deb
Size/MD5 checksum: 74762 8f4e4c084200e30791eb02cc82b94a7d
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_alpha.deb
Size/MD5 checksum: 48838 87a9f130d2f8b196d2705d3f5f9652c9
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_alpha.deb
Size/MD5 checksum: 2176362 a5d414c3933204fca40fdc65a631bf85
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_alpha.deb
Size/MD5 checksum: 42116 0dd5f21866df4fb3103eef16f699b63b
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_alpha.deb
Size/MD5 checksum: 255666 ee3063a5b42e80426680a4d3a6548742
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_alpha.deb
Size/MD5 checksum: 285526 8b60096789652370a9c1eb23426de0fb

AMD64 architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_amd64.deb
Size/MD5 checksum: 68836 759081eefaefe1fbbe20b54b32c731f9
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_amd64.deb
Size/MD5 checksum: 44190 750a423f1cebbb0e307fcbbd20fa2a52
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_amd64.deb
Size/MD5 checksum: 2173214 2ba25c51303c97a105f8d38953bf3387
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_amd64.deb
Size/MD5 checksum: 40006 0456d63d7fb286a73036df807e0e1b9c
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_amd64.deb
Size/MD5 checksum: 176430 3b2092a8a89d581692bd26ba4e249524
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_amd64.deb
Size/MD5 checksum: 259636 de8ff1433bfd159c83eaf40fcbb5a9c3

ARM architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_arm.deb
Size/MD5 checksum: 63914 950154f957a11c66fc2c7528abe1f80c
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_arm.deb
Size/MD5 checksum: 39592 bc92d523a15df87c66df15165815f684
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_arm.deb
Size/MD5 checksum: 2171222 91e209cec252cd6e3303dbb15e61f38c
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_arm.deb
Size/MD5 checksum: 37310 8de5836510b35692e52ad04ff7e99909
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_arm.deb
Size/MD5 checksum: 174784 916270130f4ae7f8d19476e8ed2696bb
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_arm.deb
Size/MD5 checksum: 249626 6239b4680637783bc25da305a5840c97

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_i386.deb
Size/MD5 checksum: 65186 075b0a1e041ef16465f747e8615478eb
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_i386.deb
Size/MD5 checksum: 40306 186f3f67d4e01eefa9bd4de61cbc7597
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_i386.deb
Size/MD5 checksum: 2171576 447093a4486b108a86daa3b1fb05df01
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_i386.deb
Size/MD5 checksum: 38028 a3b09e4e355290b59442c4f55a221fc6
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_i386.deb
Size/MD5 checksum: 159538 61d3a1e151a892a93ff59b5e32406e44
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_i386.deb
Size/MD5 checksum: 254266 00e35cca8aa52ca3025881de3ee6b843

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_ia64.deb
Size/MD5 checksum: 81818 84308736db6948a227fee4d603d5e9c3
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_ia64.deb
Size/MD5 checksum: 55238 5b0c1145c0c7df81cef8ef147d6a67fb
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_ia64.deb
Size/MD5 checksum: 2180132 15de24581d6bd4237cc6e629b8fe2129
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_ia64.deb
Size/MD5 checksum: 49192 6423e0364941f3fd5a0a94db3a41cbc0
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_ia64.deb
Size/MD5 checksum: 252030 2b27bb90564d6d11a1ab7433878cfe2a
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_ia64.deb
Size/MD5 checksum: 317596 7194c5171e051cec740d3e26b8ac1921

HP Precision architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_hppa.deb
Size/MD5 checksum: 68280 fab75c3065bc0daef29c03de7eb95616
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_hppa.deb
Size/MD5 checksum: 43290 8fb3f438a608a015394dc63c2e2262b7
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_hppa.deb
Size/MD5 checksum: 2173664 6ac357059b165b64597b4298f2eb7c53
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_hppa.deb
Size/MD5 checksum: 39452 22c7fc2ead648754db1280ed45382f0c
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_hppa.deb
Size/MD5 checksum: 202622 60c9ecb6f7de4f23d81f3a60a6f86af8
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_hppa.deb
Size/MD5 checksum: 283312 92eec506c9c9c6c3e75f0180c83d9700

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_m68k.deb
Size/MD5 checksum: 62522 caaba4e546fa8c4bed7c6f43004cb5ab
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_m68k.deb
Size/MD5 checksum: 38208 176ca281e6004227c266b31dc8ba8b47
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_m68k.deb
Size/MD5 checksum: 2170472 090cb28e973bde8ab2d44fdf348ea3ad
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_m68k.deb
Size/MD5 checksum: 35068 80e3b711fa0b3c7b6eb481b76bbc0c96
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_m68k.deb
Size/MD5 checksum: 146248 8f95efb7f3ac12667fedf66014107fcd
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_m68k.deb
Size/MD5 checksum: 250348 2cf8b9fdfcdaaf51e9ea2e3695e6d0e4

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_mips.deb
Size/MD5 checksum: 67952 5576ba2f730b4a4e73c08d85956a0fe1
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_mips.deb
Size/MD5 checksum: 43782 b93619f9da106b1ecbfb405ee022c1ee
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_mips.deb
Size/MD5 checksum: 2172990 85507c94a036d0c39fb1c645bb050512
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_mips.deb
Size/MD5 checksum: 37678 5a8947a6f3c6ba9c7c307c0fd48050dc
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_mips.deb
Size/MD5 checksum: 195428 c8b23ed440bccb7d24fd809f96daad87
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_mips.deb
Size/MD5 checksum: 257460 3538a15689317678f878c28b1ab89d38

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_mipsel.deb
Size/MD5 checksum: 67556 0547466b220feec6a84bb78803604cde
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_mipsel.deb
Size/MD5 checksum: 43580 524a0264d0a5fbb55ee3f97bec588a27
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_mipsel.deb
Size/MD5 checksum: 2172940 8823057cd5d1aa1a0c2b1bbab22f0e37
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_mipsel.deb
Size/MD5 checksum: 37962 cae611d3f09c245cb58e4605d9d59702
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_mipsel.deb
Size/MD5 checksum: 191858 a0760438641ec43b77b19e2884c94e96
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_mipsel.deb
Size/MD5 checksum: 255080 0e54a23a6c5ecf5c7a5a47772cda3c78

PowerPC architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_powerpc.deb
Size/MD5 checksum: 69288 f057daede2d7b7123681918d177ce539
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_powerpc.deb
Size/MD5 checksum: 44674 59aefa09eaf2445d8359f0e420602be6
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_powerpc.deb
Size/MD5 checksum: 2173578 af9dec3e7e471453ec51bcf48ce266d8
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_powerpc.deb
Size/MD5 checksum: 38870 bf9fe9d09d8da16d71d29257b25c3831
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_powerpc.deb
Size/MD5 checksum: 187656 71a796fc913828ce8533e26133dc5905
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_powerpc.deb
Size/MD5 checksum: 264812 d1c3dd57001bda9bcd7e069d2d5fe4fb

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_s390.deb
Size/MD5 checksum: 67904 9b1b8122712a2dd196766ebf29b5489a
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_s390.deb
Size/MD5 checksum: 43576 0794d581c44455ab27f08d81e55603c4
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_s390.deb
Size/MD5 checksum: 2172900 d2ac57b7351650121ed6d3eb956e5ca4
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_s390.deb
Size/MD5 checksum: 38936 83eeff4b13a29ff65228c1b6a1ceb630
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_s390.deb
Size/MD5 checksum: 182596 38d749ca8410825c236a506d5948a823
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_s390.deb
Size/MD5 checksum: 269402 b23c60b45653f744ef38e397c1fd9dbc

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_sparc.deb
Size/MD5 checksum: 64416 70a8646252c0d3e0b78c8a37b7e25ab5
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_sparc.deb
Size/MD5 checksum: 39466 b68bca7161019ac2e2405973028ea710
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_sparc.deb
Size/MD5 checksum: 2171110 49331350eee02929c0616fb459ff6c2e
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_sparc.deb
Size/MD5 checksum: 36844 11eb76ec82a9faf969d3de83cdc341c8
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_sparc.deb
Size/MD5 checksum: 175778 a57ba409c803d60813cf2202a6ed46e1
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_sparc.deb
Size/MD5 checksum: 264714 eb2ab58670f241fc3d712a2ad56d9f70

These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFENCN3Xm3vHE4uyloRAuEiAKDc1onOL69izdvTQFSfeBYlq9I8RwCdGWvF
oAnQjx2aTKwOqZgWZJ344nY=
=Bb/9
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1024_1_new_clamav_packages_fix_several_vulnerabilities.html)