LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New ClamAV packages fix heap overflow Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian A heap overflow has been discovered in ClamAV, a virus scanner, which could allow an attacker to execute arbitrary code by sending a carefully crafted UPX-encoded executable to a system runnig ClamAV. In addition, other potential overflows have been corrected.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 947-1                     security@debian.org
http://www.debian.org/security/                              Michael Stone
January 21st, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : clamav
Vulnerability  : heap overflow
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-0162
Debian Bug     : 320014

A heap overflow has been discovered in ClamAV, a virus scanner, which
could allow an attacker to execute arbitrary code by sending a carefully
crafted UPX-encoded executable to a system runnig ClamAV. In addition,
other potential overflows have been corrected.

The old stable distribution (woody) does not include ClamAV.

For the stable distribution (sarge) this problem has been fixed in
version 0.84-2.sarge.7.

For the unstable distribution (sid) this problem has been fixed in
version 0.86.2-1.

We recommend that you upgrade your clamav package immediately.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7.dsc
      Size/MD5 checksum:      872 df3aecc6060155de842ad1851143d85c
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7.diff.gz
      Size/MD5 checksum:   179637 b25e29ec071c32768df2689f3d7061a4
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
      Size/MD5 checksum:  4006624 c43213da01d510faf117daa9a4d5326c

  Architecture independent components:

    http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.7_all.deb
      Size/MD5 checksum:   154692 5149fc2bd991fd87863932ed0ac3e7fd
    http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.7_all.deb
      Size/MD5 checksum:   690338 5b7e9db683622fb49b766bfbd9168a4d
    http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.7_all.deb
      Size/MD5 checksum:   123696 6707d97d0544a6cd245d75f3aa1542b1

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_alpha.deb
      Size/MD5 checksum:    74672 bfd688e1fa1041d819c3319aa15a8530
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_alpha.deb
      Size/MD5 checksum:    48798 673fc52d2a3fe74bef2637114f2cd453
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_alpha.deb
      Size/MD5 checksum:  2176344 49586708a8006ec8f32e0128e817d2a7
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_alpha.deb
      Size/MD5 checksum:    42110 2f52766489cba71f29daf38455b52020
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_alpha.deb
      Size/MD5 checksum:   255576 f813f572a9b8b83225e4e9ad24461a17
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_alpha.deb
      Size/MD5 checksum:   285310 0135368aab8cb6def0573b62de849964

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_amd64.deb
      Size/MD5 checksum:    68868 cd0022f63fbd4b64b662c8c8aa092d3e
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_amd64.deb
      Size/MD5 checksum:    44190 4db755a324f658589732bd2ce6aa4b8d
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_amd64.deb
      Size/MD5 checksum:  2173202 cb7d17d25ee13d02ce8c72e0ed06a3e9
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_amd64.deb
      Size/MD5 checksum:    39994 63e129299ea15b26a4ade57e96a452b8
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_amd64.deb
      Size/MD5 checksum:   176356 5846918c951fac82f23a88619a2cea3d
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_amd64.deb
      Size/MD5 checksum:   259488 5df5123b2619575ea5e955550ba71f24

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_i386.deb
      Size/MD5 checksum:    65156 1946d6cf8d0af3ebf4ed758f59c19b65
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_i386.deb
      Size/MD5 checksum:    40204 c64e261503f707d6c647521feda8b4bf
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_i386.deb
      Size/MD5 checksum:  2171518 502a36afbd597e4b0389b4e2621a63ce
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_i386.deb
      Size/MD5 checksum:    38016 b4538b96bf9460a87ffc96a7eeae0f22
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_i386.deb
      Size/MD5 checksum:   159468 50857534f3bac68c8a1825c622fca79d
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_i386.deb
      Size/MD5 checksum:   254174 23d65ce39c60118ad01a5e2f631dcaa7

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_ia64.deb
      Size/MD5 checksum:    81718 b61f42422463bc3ffb660ed4aa580fa4
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_ia64.deb
      Size/MD5 checksum:    55100 301227c416f24fd8d2ef0ab36c9603ba
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_ia64.deb
      Size/MD5 checksum:  2180080 8f4e17639f1c984dd5aea42e938f2f10
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_ia64.deb
      Size/MD5 checksum:    49204 a37aeeba10fb089f32ad70c94bfed116
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_ia64.deb
      Size/MD5 checksum:   251894 02f094895cd7590fb2b2ce2f91d59dcc
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_ia64.deb
      Size/MD5 checksum:   317446 b627015d823405aec3429dc9b7b21e53

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_hppa.deb
      Size/MD5 checksum:    68186 63eec7e0e90b6fc8f86c3babc6e82f56
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_hppa.deb
      Size/MD5 checksum:    43250 11ba8ecd4a732575461275a7484909f2
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_hppa.deb
      Size/MD5 checksum:  2173636 8e7c104c58b497e7a433ade110d2c180
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_hppa.deb
      Size/MD5 checksum:    39442 ebac1fc335c9439a50bd8d3e006ad453
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_hppa.deb
      Size/MD5 checksum:   202424 3d002ce40e0fc3998ac8a6378e9ca8ce
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_hppa.deb
      Size/MD5 checksum:   283226 4a06474427572cdb4e12b1319f75b04d

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_m68k.deb
      Size/MD5 checksum:    62464 7027409bec94fabd943ff225bd9223e2
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_m68k.deb
      Size/MD5 checksum:    38076 472e2770dbe8604f6cb7911f5eae3476
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_m68k.deb
      Size/MD5 checksum:  2170434 4e34f115c603d78ad8bda209e6af637d
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_m68k.deb
      Size/MD5 checksum:    35070 a23dd7f83de0edd777ec2273779d1bfa
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_m68k.deb
      Size/MD5 checksum:   146176 1a4cea45e3ced312277798317a02f435
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_m68k.deb
      Size/MD5 checksum:   250122 c4da2db2305664e34a1d8c63ceab5e42

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_mips.deb
      Size/MD5 checksum:    67854 863b035070058be0aba33ed4d3dcf05c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_mips.deb
      Size/MD5 checksum:    43676 cf16ba18ec6c1f781305ecc51d58e09d
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_mips.deb
      Size/MD5 checksum:  2172970 117d308e5403c682cfdedfd9adf1794c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_mips.deb
      Size/MD5 checksum:    37674 d4c7280abc505d092eb71bfe3f512a4e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_mips.deb
      Size/MD5 checksum:   195386 d1b4cf396c148c451ab75b0a330bb564
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_mips.deb
      Size/MD5 checksum:   257298 1c9e948e084bce86929a3607005e63d8

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_mipsel.deb
      Size/MD5 checksum:    67484 9e3d8af7bbe1467e758cc77a4ea8cd01
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_mipsel.deb
      Size/MD5 checksum:    43510 93d697215e9097c1b8591b0bc0b5e63c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_mipsel.deb
      Size/MD5 checksum:  2172916 ff2c34e00fbef8ab22cb9d7dba130fca
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_mipsel.deb
      Size/MD5 checksum:    37966 c7fed399a7710a8b97735fea92582fb7
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_mipsel.deb
      Size/MD5 checksum:   191722 5c1a2761a44b4cd3ef84ffd263de795c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_mipsel.deb
      Size/MD5 checksum:   254890 ac8cccfc09c1514ca3b3b36f17bfdf4f

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_powerpc.deb
      Size/MD5 checksum:    69222 23d6780eaef8b389e592bfa56966ad12
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_powerpc.deb
      Size/MD5 checksum:    44584 ebfefcf4dae235511c7e7fa894ebca79
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_powerpc.deb
      Size/MD5 checksum:  2173550 c83136cb13f45502680a4dddb6ba222c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_powerpc.deb
      Size/MD5 checksum:    38872 cd220dfa23ebb70b61ac58ffa4007189
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_powerpc.deb
      Size/MD5 checksum:   187578 a3d58d08dd81372d517cbdf675d60b21
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_powerpc.deb
      Size/MD5 checksum:   264616 76f9bd4db6421a3ddc648995c80d8668

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_s390.deb
      Size/MD5 checksum:    67780 ce6e06ba73a315849d11493941fb9e81
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_s390.deb
      Size/MD5 checksum:    43438 8c9b2489a98ac88e64f8fbda83185fda
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_s390.deb
      Size/MD5 checksum:  2172856 cfbff79cb40c7160a87d0c292657d5bb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_s390.deb
      Size/MD5 checksum:    38936 a83437aa3b3d90c521e84af


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Google Removes SSLv3 Fallback Support From Chrome
Hacker Lexicon: What Is End-to-End Encryption?
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.