DSA 1263-1: New clamav packages fix denial of service
Posted on: 03/07/2007 12:40 AM

The Debian Security Team published a new security update for Debian GNU/Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1263-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
March 6th, 2006                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : clamav
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-0897 CVE-2007-0898
Debian Bug : 411118

Several remote vulnerabilities have been discovered in the Clam
anti-virus toolkit, which may lead to denial of service. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-0897

It was discovered that malformed CAB archives may exhaust file
descriptors, which allows denial of service.

CVE-2007-0898

It was discovered that a directory traversal vulnerability in the MIME
header parser may lead to denial of service.

For the stable distribution (sarge) these problems have been fixed in
version 0.84-2.sarge.15.

For the upcoming stable distribution (etch) these problems have been fixed
in version 0.88.7-2.

For the unstable distribution (sid) these problems have been fixed in
version 0.90-1.

We recommend that you upgrade your clamav packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF7ewBXm3vHE4uyloRAp+FAKDK2+l25JCKPiiY/BJc6LCarkFLbgCfck0k
Wr6nOPT+eQ6P3Z+mSFoLA/o=
=7tJE
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1263_1_new_clamav_packages_fix_denial_of_service.html)