USN-684-1: ClamAV vulnerability
Posted on: 12/03/2008 12:25 AM

A new ClamAV vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-684-1 December 02, 2008
clamav vulnerability
https://bugs.launchpad.net/bugs/304017
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
libclamav5 0.94.dfsg.2-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Ilja van Sprundel discovered that ClamAV did not handle recursive JPEG
information. If a remote attacker sent a specially crafted JPEG file,
ClamAV would crash, leading to a denial of service.


Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1.diff.gz
Size/MD5: 159258 35b619fff489b7fdbfacd86170572cfa
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1.dsc
Size/MD5: 1545 d35181ceb4a8b93aa8ef3d80f424a52e
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2.orig.tar.gz
Size/MD5: 22073819 7b45b0c54b887b23cb49e4bff807cf58

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-base_0.94.dfsg.2-1ubuntu0.1_all.deb
Size/MD5: 19497162 d2d7052e4859a66f9556a33839be072b
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-docs_0.94.dfsg.2-1ubuntu0.1_all.deb
Size/MD5: 1077346 0c0e57cf0a6d5004611621c81d158b3e
http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-testfiles_0.94.dfsg.2-1ubuntu0.1_all.deb
Size/MD5: 208058 8dd86c35b97cfa0c111ec6a99f90d7b4

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_amd64.deb
Size/MD5: 239628 465bacd5ebfec386196f83b90c59b1d5
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_amd64.deb
Size/MD5: 914866 309f142bd797da5b06bae9f3273c729a
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_amd64.deb
Size/MD5: 255448 b28942a9a6ecd5b09eea78f22f56658c
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_amd64.deb
Size/MD5: 235612 d7fc1fbc5112f2b8b4bb81f26f8495bd
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_amd64.deb
Size/MD5: 573860 1a499485cdee3a5ed728fdb115d4708e
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_amd64.deb
Size/MD5: 538626 f1ec69b8d9bc15cf1b6ab9b483b37568
http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_amd64.deb
Size/MD5: 232722 4abb421ae13f2c04ccf7e975d68344f1

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_i386.deb
Size/MD5: 233172 1e14e971a76712c4a38d3250e3f84a4f
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_i386.deb
Size/MD5: 849368 dc7e8747a2f1b40db10fd3dfa80d6d8f
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_i386.deb
Size/MD5: 253682 2dfbb18dbe45b97fe537e440c86079f0
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_i386.deb
Size/MD5: 232686 f5fc69f35bb5206e6f3f1802eab27b87
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_i386.deb
Size/MD5: 541856 cc9e3b0f262968372c5cdf8b62606280
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_i386.deb
Size/MD5: 524410 2d1f9e712a3ef57c99434469a584f38d
http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_i386.deb
Size/MD5: 229260 280079fa42c8ff6a18a8fd1406956f3c

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_lpia.deb
Size/MD5: 232694 509ca94dd8ba239e70df349015eab8b6
http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_lpia.deb
Size/MD5: 866262 636afb92077246666719c22544dda5bd
http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_lpia.deb
Size/MD5: 253738 0581fb06ce78fd9a2d1e2d81cfa95e87
http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_lpia.deb
Size/MD5: 232232 7e301b68901a3435da4768b2845bf61d
http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_lpia.deb
Size/MD5: 543754 bd8453f227ae9bebcec4fb41b9e9d427
http://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_lpia.deb
Size/MD5: 527060 b903aa2ec89a2b3c327e170f3b23e021
http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_lpia.deb
Size/MD5: 229286 d2af0a51fa4beb6eb3045f2dfa3abe9e

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
Size/MD5: 242896 a8a6f8ef5d43b0856cb250879b6d741d
http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
Size/MD5: 903632 275eb13f4b9caa6ab4089aa0d8e97b24
http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
Size/MD5: 258198 2109d15b9bcb4cedeb380ac295c26364
http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
Size/MD5: 240246 c373dfb0ec6bd9539575aad28310a5ae
http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
Size/MD5: 613886 8a59e0abf3597d1c13ffa47ee0700b48
http://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
Size/MD5: 554872 992aa23fb6ed82684c8325743e366947
http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
Size/MD5: 232832 36d93e39e3f1f74dde643bc78e38c4a7

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_sparc.deb
Size/MD5: 232694 22f99a7b96cf3ab8749316cb3256b168
http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_sparc.deb
Size/MD5: 836388 a2eb3d95d9a6254db4d7375844f18f57
http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_sparc.deb
Size/MD5: 252954 b21baca5066e5e27a8b8154cc17b9d2c
http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_sparc.deb
Size/MD5: 233100 3c0b967b8a11e701698a1099a171ee82
http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_sparc.deb
Size/MD5: 577734 05eb85bfb1a2ac3b223eba160167c7e2
http://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_sparc.deb
Size/MD5: 543454 09533df800dafec77af220c81897cb0e
http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_sparc.deb
Size/MD5: 230206 5abbd9810492e866183bb1033a284b18


--zx4FCpZtqtKETZ7O
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook lt;kees@outflux.netgt;

iEYEARECAAYFAkk1tKkACgkQH/9LqRcGPm22ZACgnhO3wB4ZTW/AgqT8yElelAEQ
Xo8AoI64nEkkXbL3REwNr6j8+LjSjZjx
=NfCK
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_684_1_clamav_vulnerability.html)