USN-770-1: ClamAV vulnerability
Posted on: 05/05/2009 02:20 AM

A new ClamAV vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-770-1 May 04, 2009
clamav vulnerability
https://launchpad.net/bugs/365823
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
clamav-milter 0.95.1+dfsg-1ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A flaw was discovered in the clamav-milter initscript which caused the
ownership of the current working directory to be changed to the 'clamav'
user. This update attempts to repair the incorrect ownership for standard
system directories, but it is recommended that the following command be
performed to report any other directories that may be affected:

$ sudo find -H / -type d -user clamav \\! -group clamav 2gt;/dev/null

Systems configured to run clamav as a user other than the default 'clamav'
user will need to adjust the above command accordingly.


Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2.diff.gz
Size/MD5: 240956 16d828dea428d031cc59d41b24b592d1
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2.dsc
Size/MD5: 1540 575dace049ba5216b8ccbd3333b6c2c3
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.95.1+dfsg.orig.tar.gz
Size/MD5: 24233062 1e9618ac1b9b58e5c1c1b665adf26749

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-base_0.95.1+dfsg-1ubuntu1.2_all.deb
Size/MD5: 21399900 52b7926a51ada72067819f1c646db8b3
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-docs_0.95.1+dfsg-1ubuntu1.2_all.deb
Size/MD5: 1110124 f7759ab6a73007be3605276cb0e7f28d
http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-testfiles_0.95.1+dfsg-1ubuntu1.2_all.deb
Size/MD5: 225956 d4cc917a76574e27fe7b51643628bb4d

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.95.1+dfsg-1ubuntu1.2_amd64.deb
Size/MD5: 393938 b905639abb64cbb62f6b088abf5a0231
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.95.1+dfsg-1ubuntu1.2_amd64.deb
Size/MD5: 1184152 675a9cea68762ac8e0dca483292e15cf
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.95.1+dfsg-1ubuntu1.2_amd64.deb
Size/MD5: 281792 d0cbd33bd85b022ee85bbdac7511213f
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2_amd64.deb
Size/MD5: 273934 86fa7c88dd44a77cf563b401d22a1139
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.95.1+dfsg-1ubuntu1.2_amd64.deb
Size/MD5: 605768 951853d338127eb686432233bfb5a341
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav6_0.95.1+dfsg-1ubuntu1.2_amd64.deb
Size/MD5: 569884 20ce2a8275351db1eee604558d79d4f7
http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.95.1+dfsg-1ubuntu1.2_amd64.deb
Size/MD5: 266000 33d736985619ca166f8f917fb7271d87

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.95.1+dfsg-1ubuntu1.2_i386.deb
Size/MD5: 382140 4440322bc961f0a410ebc92bb95f17aa
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.95.1+dfsg-1ubuntu1.2_i386.deb
Size/MD5: 1095416 9e2b92403f60728922113a3a27982533
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.95.1+dfsg-1ubuntu1.2_i386.deb
Size/MD5: 279266 5f2fe7d3e0d045fe4f68e356fd977a04
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2_i386.deb
Size/MD5: 268354 db1afab9a4b57a37bdcc3ccf471c5cc2
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.95.1+dfsg-1ubuntu1.2_i386.deb
Size/MD5: 574290 c33b885b054cd55655292c55bed96295
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav6_0.95.1+dfsg-1ubuntu1.2_i386.deb
Size/MD5: 557328 643fd52c2f12ac522a87121e93978e79
http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.95.1+dfsg-1ubuntu1.2_i386.deb
Size/MD5: 263040 0ab591f0b668adb5587edd485e987c13

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.95.1+dfsg-1ubuntu1.2_lpia.deb
Size/MD5: 382392 0ea691eea8bd953bc273da4c9b9debc4
http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.95.1+dfsg-1ubuntu1.2_lpia.deb
Size/MD5: 1116512 52c01ee04b0107669c566b44cfac727e
http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.95.1+dfsg-1ubuntu1.2_lpia.deb
Size/MD5: 279020 aa4872b8c2d9f299d532888d3675ea51
http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2_lpia.deb
Size/MD5: 268124 3a3175eb60cea6248bdd6767e5833de2
http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.95.1+dfsg-1ubuntu1.2_lpia.deb
Size/MD5: 575506 96c1ca9f26aba0862f42b189fcae7354
http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.95.1+dfsg-1ubuntu1.2_lpia.deb
Size/MD5: 559374 04a449e526bbb7d8be9b95c365b3b7f6
http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.95.1+dfsg-1ubuntu1.2_lpia.deb
Size/MD5: 263008 ef2bcc6eb89e665ab5fba4cf10d2d2d8

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.95.1+dfsg-1ubuntu1.2_powerpc.deb
Size/MD5: 400204 94578b9dca844d1434025a51c0109c83
http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.95.1+dfsg-1ubuntu1.2_powerpc.deb
Size/MD5: 1158670 5a7be46133af1bc18e47adfca1cf6587
http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.95.1+dfsg-1ubuntu1.2_powerpc.deb
Size/MD5: 283848 2ab5a37504e844051c48c6419e55f336
http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2_powerpc.deb
Size/MD5: 276786 1003a47361604f8d3b54771e9bb0fa34
http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.95.1+dfsg-1ubuntu1.2_powerpc.deb
Size/MD5: 645340 365e906bfacae713aa391e827933e9ad
http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.95.1+dfsg-1ubuntu1.2_powerpc.deb
Size/MD5: 587074 d83bab7ca42ef3a0b37e704aa624558c
http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.95.1+dfsg-1ubuntu1.2_powerpc.deb
Size/MD5: 269430 29c2c9c54774130407c28ed4422da83b

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.95.1+dfsg-1ubuntu1.2_sparc.deb
Size/MD5: 383556 1cea55a1fce839b2ca1e5b03ca632c32
http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.95.1+dfsg-1ubuntu1.2_sparc.deb
Size/MD5: 1064340 a6c0dc3a0e3d40a4f89dff2290a6769a
http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.95.1+dfsg-1ubuntu1.2_sparc.deb
Size/MD5: 277894 fc8f08a7d044cc9246a8233d1a9cfd2a
http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2_sparc.deb
Size/MD5: 268476 c4a9a06151ad123de3cb484f06fc8870
http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.95.1+dfsg-1ubuntu1.2_sparc.deb
Size/MD5: 607604 f11ab004f8c8c5c6845bc90c38cf2f4a
http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.95.1+dfsg-1ubuntu1.2_sparc.deb
Size/MD5: 574486 e1c8f67fa7300c4759d9c01b9bc4e3c2
http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.95.1+dfsg-1ubuntu1.2_sparc.deb
Size/MD5: 262718 ff8884c64206061ec9830b029c06aa8e



--dWYAkE0V1FpFQHQ3
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkn/dPUACgkQW0JvuRdL8BofyQCfRDiWY7BvNvk9IQCExI7xRiLc
HAcAoIvz2cGuF8bYPZEB6ziiERw2bV/w
=9EPb
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_770_1_clamav_vulnerability.html)