LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New ClamAV packages fix denial of service Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 824-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 29th, 2005                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : clamav
Vulnerability  : infinite loop, buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2919 CAN-2005-2920
Debian Bug     : 328660

Two vulnerabilities have been discovered in Clam AntiVirus, the
antivirus scanner for Unix, designed for integration with mail servers
to perform attachment scanning.  The following problems were
identified:

CAN-2005-2919

    A potentially infinite loop could lead to a denial of service.

CAN-2005-2920

    A buffer overflow could lead to a denial of service.

The old stable distribution (woody) does not contain ClamAV packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.84-2.sarge.4.

For the unstable distribution (sid) these problems have been fixed in
version 0.87-1.

We recommend that you upgrade your clamav package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4.dsc
      Size/MD5 checksum:      872 1a1aaa3318ae10c6806f582588e307bb
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4.diff.gz
      Size/MD5 checksum:   175215 e44e7c828b916a87c94985cf8eae3d13
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
      Size/MD5 checksum:  4006624 c43213da01d510faf117daa9a4d5326c

  Architecture independent components:

    http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.4_all.deb
      Size/MD5 checksum:   154302 764277db36650876f13658e2e5f0751b
    http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.4_all.deb
      Size/MD5 checksum:   689924 e5aba73a0a6f949f7ddf2e6efa6b0aeb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.4_all.deb
      Size/MD5 checksum:   123298 5792bbcedba7c7b19b118976c23d7dff

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_alpha.deb
      Size/MD5 checksum:    74672 e6725d68591dd710cce840b8020647c9
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_alpha.deb
      Size/MD5 checksum:    48792 ab341735b610360d211d93aae21f8c04
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_alpha.deb
      Size/MD5 checksum:  2176364 57135c04ea09bb8571e1fcb31db492e0
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_alpha.deb
      Size/MD5 checksum:    42112 d9881a7457c16df6c279e3de6715a8c1
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_alpha.deb
      Size/MD5 checksum:   254516 d8dff4ba494bb9dcfa1a2be51c0b3a8c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_alpha.deb
      Size/MD5 checksum:   283868 4cf4e2c9a673c679af6d53cd19fd86e2

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_amd64.deb
      Size/MD5 checksum:    68858 e1cf55557564afe9eb85b8028ed95576
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_amd64.deb
      Size/MD5 checksum:    44188 f043d16b9b1fa8755fb27b97b24bfa6c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_amd64.deb
      Size/MD5 checksum:  2173194 9c1766d7351dea3e1c6529b77c03e3e4
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_amd64.deb
      Size/MD5 checksum:    40006 2407a0b2ca24d6bf745c2bd9c509a7e8
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_amd64.deb
      Size/MD5 checksum:   175354 2fb4df2228763488f9fbb5b6ae52d38e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_amd64.deb
      Size/MD5 checksum:   257910 ce9eef9c38187a70582528ef6a99f9e6

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_arm.deb
      Size/MD5 checksum:    63824 d6cb239e323084cfc6b5a30f36a52c01
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_arm.deb
      Size/MD5 checksum:    39520 76997f2c09141dfc517570f0c0f77598
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_arm.deb
      Size/MD5 checksum:  2171212 6b64588c64a58e275b226a8289cbffd3
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_arm.deb
      Size/MD5 checksum:    37304 8f29746edb67c02477b662b473ac4234
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_arm.deb
      Size/MD5 checksum:   173526 02a315f3ad72931252a2fcfaf7682561
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_arm.deb
      Size/MD5 checksum:   248328 7de5f21da6ebd76b9e6bce64b1935df9

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_i386.deb
      Size/MD5 checksum:    65124 f53eadb97b80d0b2f7c8a8f6d15c7fcc
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_i386.deb
      Size/MD5 checksum:    40194 11affc953259da108bb6ac9015703c9a
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_i386.deb
      Size/MD5 checksum:  2171518 136c46a06385fbb5e8d896d642bc0f05
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_i386.deb
      Size/MD5 checksum:    38030 ef402381cb175820ea4b0c01d2974b54
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_i386.deb
      Size/MD5 checksum:   158546 89741c1bf059281f1ca2aa0dd7f40861
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_i386.deb
      Size/MD5 checksum:   252594 60e13cb2197362fbda1d8d122b841cfe

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_ia64.deb
      Size/MD5 checksum:    81706 8267ad55e4b5b58bf80911973a635e02
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_ia64.deb
      Size/MD5 checksum:    55102 f90bc4bac2fed23429feecdbe92fb850
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_ia64.deb
      Size/MD5 checksum:  2180084 0200268cac161cc694f2eb87e050521a
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_ia64.deb
      Size/MD5 checksum:    49208 f143c1c98036aa4d404c8c9c9b533e33
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_ia64.deb
      Size/MD5 checksum:   250412 12a7b80cc296d1825ff40c297f7b2592
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_ia64.deb
      Size/MD5 checksum:   315812 a8e46a8c22ab740d51b80da4edcbde8d

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_hppa.deb
      Size/MD5 checksum:    68182 9b08058ca6bdfc769a091c7c89a7ce64
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_hppa.deb
      Size/MD5 checksum:    43234 4ebf553bf0a02e8179260d04c7dd7238
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_hppa.deb
      Size/MD5 checksum:  2173616 d8d57d8b12fddd5c9ea61b5affdfb34e
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_hppa.deb
      Size/MD5 checksum:    39450 adffa3c170aea391e410e997f57cf535
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_hppa.deb
      Size/MD5 checksum:   201266 29b0927ba2b89df397423e6e520cfa1f
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_hppa.deb
      Size/MD5 checksum:   281814 4916e2bb671314195cf51e50c375101d

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_m68k.deb
      Size/MD5 checksum:    62456 f83ffc5a1b29336b95d29480976f3229
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_m68k.deb
      Size/MD5 checksum:    38072 237a81f8ae94f568a7ab288b01d7294b
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_m68k.deb
      Size/MD5 checksum:  2170454 38f3c19b1d3600361a3eff93b2c08924
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_m68k.deb
      Size/MD5 checksum:    35068 d54fa55db1fe03921ce0e080946a3006
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_m68k.deb
      Size/MD5 checksum:   145372 27ff086da84d8b2b7e1a7b5e0ec6faad
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_m68k.deb
      Size/MD5 checksum:   249018 8ec76ffcdd22dc2216b29c0a5b0967b2

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_mips.deb
      Size/MD5 checksum:    67858 ff8ac22975ec3987744b41635334032a
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_mips.deb
      Size/MD5 checksum:    43674 3672906fe3fde3bc7a94ad54c47d07d4
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_mips.deb
      Size/MD5 checksum:  2172970 a8580f8e196acba4d9d625c4cc423338
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_mips.deb
      Size/MD5 checksum:    37670 ccdc395e404f330c20598d5b02ddaf49
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_mips.deb
      Size/MD5 checksum:   194320 bb910353a34fea0942afab88a31d7dea
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_mips.deb
      Size/MD5 checksum:   256088 7ec97820fa2470e7b58bf2d3b7d5c696

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_mipsel.deb
      Size/MD5 checksum:    67478 b78451c1753da62285c74c07e0fe263f
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_mipsel.deb
      Size/MD5 checksum:    43488 06e92d862ef6cd8a6ecd20f3537c4d7b
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_mipsel.deb
      Size/MD5 checksum:  2172916 f5a1eee003eb3995b97fe10b4ea09809
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_mipsel.deb
      Size/MD5 checksum:    37958 6cdc8361e786e419383ca407b287c65b
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_mipsel.deb
      Size/MD5 checksum:   190670 c464b1c69c97529361b0317d5db6fdc5
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_mipsel.deb
      Size/MD5 checksum:   253560 b892c53f46239ed94dc23d74c7958b06

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_powerpc.deb
      Size/MD5 checksum:    69226 dd9cc43999a009d6df890de345a692cd
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_powerpc.deb
      Size/MD5 checksum:    44584 58799c4b2e083df36b7a70d6b084d026
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_powerpc.deb
      Size/MD5 checksum:  2173556 bb02308f91a0b63bb560db20973d28f7
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_powerpc.deb
      Size/MD5 checksum:    38876 09a8c78537033a725fba8214735b5882
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_powerpc.deb
      Size/MD5 checksum:   186618 459c027d740cf25932665586f55a68ff
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_powerpc.deb
      Size/MD5 checksum:   263206 5a0fa00dd636ae40a62f0e02d63bc19b

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_s390.deb
      Size/MD5 checksum:    67772 1ec4fd75cf9b37c1b124e14cad82d75e
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_s390.deb
      Size/MD5 checksum:    43434 1e0ce0535300f7176e550df27af61097
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_s390.deb
      Size/MD5 checksum:  2172868 3884882c922c7a32b4d486545400b384
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_s390.deb
      Size/MD5 checksum:    38934 a85a83dfd24e7fd3ebb8236782273c36
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_s390.deb
      Size/MD5 checksum:   181596 c419b59dc3bad8208f6d0c4ff9248e13
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_s390.deb
      Size/MD5 checksum:   267778 00ea85457a4457d7539f9e939fa38524

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_sparc.deb
      Size/MD5 checksum:    64334 9e1a24f503ce5d8ef70798f0dad6714a
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_sparc.deb
      Size/MD5 checksum:    39392 7eaf2f1afd3bd2ab143f5b5f78cdd51b
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_sparc.deb
      Size/MD5 checksum:  2171076 e9e6a7aa3e48315dd9905e407ed6b969
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_sparc.deb
      Size/MD5 checksum:    36854 1d81507b5ee8ae42506dad08b6a9a452
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_sparc.deb
      Size/MD5 checksum:   174900 a6a7fcfed104d7351832f7eba3b5e6b1
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_sparc.deb
      Size/MD5 checksum:   263458 4f26cd6ff0466652766d7ce5ae183a63


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
USB is now UEC (use with extreme caution)
iPhone Encryption and the Return of the Crypto Wars
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.