LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New clamav packages fix several vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. It was discovered that the RTF and RFC2397 parsers can be tricked into dereferencing a NULL pointer, resulting in denial of service.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1366-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
September 1st, 2007                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : clamav
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-4510 CVE-2007-4560

Several remote vulnerabilities have been discovered in the Clam anti-virus
toolkit. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-4510

    It was discovered that the RTF and RFC2397 parsers can be tricked
    into dereferencing a NULL pointer, resulting in denial of service.

CVE-2007-4560

    It was discovered clamav-milter performs insufficicient input
    sanitising, resulting in the execution of arbitrary shell commands.

The oldstable distribution (sarge) is only affected by a subset of 
the problems. An update will be provided later.

For the stable distribution (etch) these problems have been fixed
in version 0.90.1-3etch7.

For the unstable distribution (sid) these problems have been fixed in
version 0.91.2-1.

We recommend that you upgrade your clamav packages. 

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7.dsc
      Size/MD5 checksum:      886 76508137da0c93a144d130323f7eca87
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7.diff.gz
      Size/MD5 checksum:   203232 127d4844eb36f41a52c67d461d554c09
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1.orig.tar.gz
      Size/MD5 checksum: 11643310 cd11c05b5476262eaea4fa3bd7dc25bf

  Architecture independent components:

    http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1-3etch7_all.deb
      Size/MD5 checksum:   201648 4f87137fc2d9dc12ae774ed149c11080
    http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1-3etch7_all.deb
      Size/MD5 checksum:  1003456 a2aacc240716f6da56c9cda24e288af1
    http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1-3etch7_all.deb
      Size/MD5 checksum:   157834 820e470f5c428c599fc174e0fcadc7ee

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_alpha.deb
      Size/MD5 checksum:   863492 e4bb31adae25ba8270c3a7693a5ac203
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_alpha.deb
      Size/MD5 checksum:   184710 65a6b05e5f59a1373b27524267f81f61
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_alpha.deb
      Size/MD5 checksum:   644772 fc182ead4b1858dd9e295a1e774f13c7
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_alpha.deb
      Size/MD5 checksum:  9303850 fccfb44066fd7028855dd92ac61918ca
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_alpha.deb
      Size/MD5 checksum:   180304 d34adfc21674bfd5f804f4c721aff9d5
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_alpha.deb
      Size/MD5 checksum:   511144 223b48dbd9cb9a4003a67dbba4bf265e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_alpha.deb
      Size/MD5 checksum:   406406 6bca766fb1a86d0a58793f7f9603dd85

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_amd64.deb
      Size/MD5 checksum:   856522 cae033c2c4d2245ed0c3742982f9bb67
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_amd64.deb
      Size/MD5 checksum:   178452 cf29bd7447cfc3163974b60cc29955a1
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_amd64.deb
      Size/MD5 checksum:   638384 11df3244f048ed156ef97d99ddf13ee2
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_amd64.deb
      Size/MD5 checksum:  9301956 ee98e922039c3ae2e58e00fa46f3682f
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_amd64.deb
      Size/MD5 checksum:   177470 a2fc25aecce75dfd7b506bfd852110cd
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_amd64.deb
      Size/MD5 checksum:   386568 6a1f79b33c45bbf7f63361c5bc3e5301
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_amd64.deb
      Size/MD5 checksum:   367274 a313b9e7a274000923f2a4c508ce630d

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_arm.deb
      Size/MD5 checksum:   852934 030a5f8950c9917033dd4a73e500d177
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_arm.deb
      Size/MD5 checksum:   171200 c37973b52dbee496410dc338826c89c3
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_arm.deb
      Size/MD5 checksum:   598014 2e698cb351c2a6821e4cc4a4c4f39d48
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_arm.deb
      Size/MD5 checksum:  9299226 06ca0c49348eb0deeddac6e1b4d87378
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_arm.deb
      Size/MD5 checksum:   175344 b38253709f390f65a27363f0d41e14c7
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_arm.deb
      Size/MD5 checksum:   366618 f555885ad50c5a205bfe52bc5c05bf32
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_arm.deb
      Size/MD5 checksum:   363474 47905b28d3fa482eb2ba05c08de1f395

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_hppa.deb
      Size/MD5 checksum:   857242 7d921dd3dc4d8dc97c8289e6ed2dc56c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_hppa.deb
      Size/MD5 checksum:   178162 f0e8edeadf8a35002982a166b84f5bd8
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_hppa.deb
      Size/MD5 checksum:   618354 dd56899c90c0826a029ad632fe3d784e
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_hppa.deb
      Size/MD5 checksum:  9303278 352b5455ef66f4faebf1622bba6d6abb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_hppa.deb
      Size/MD5 checksum:   177404 1d571b923902dfeadab4c4d79485ca24
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_hppa.deb
      Size/MD5 checksum:   432894 5700bd90730816ae355bb969a3a0d726
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_hppa.deb
      Size/MD5 checksum:   405100 8e2345c87a460779a4588a51b5d3d4fa

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_i386.deb
      Size/MD5 checksum:   853954 9cb2105c0b125d06b6cd55c3afc034df
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_i386.deb
      Size/MD5 checksum:   174810 26e058c602e245cdd93b617a6433f3eb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_i386.deb
      Size/MD5 checksum:   604246 9229e00e4fd2f479c4991579527dda05
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_i386.deb
      Size/MD5 checksum:  9300180 2ea193af166b258bafc507ee39fe5ed5
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_i386.deb
      Size/MD5 checksum:   175306 a9249b84ddf8381fddaefdad2d838a7e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_i386.deb
      Size/MD5 checksum:   367860 d88bcc54abe004b0cac9dace8b1a97cb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_i386.deb
      Size/MD5 checksum:   365930 25dfe3b0f5db7fd318f508f981447c5b

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_ia64.deb
      Size/MD5 checksum:   878502 6819ecbe6de1e78d7a794bd57be5242c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_ia64.deb
      Size/MD5 checksum:   201696 b6aad73bb42bc06ebe2c7e7cf6638e8e
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_ia64.deb
      Size/MD5 checksum:   657016 a8700ddde5a27b6e5543c26b94ebaccb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_ia64.deb
      Size/MD5 checksum:  9315332 5e70f38d3e2c545c2a3a0e886a9d31bf
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_ia64.deb
      Size/MD5 checksum:   191962 096679339d39f00c721efb8b443a4eaa
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_ia64.deb
      Size/MD5 checksum:   521666 d782256097bd91daac7c281bc5b9c04a
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_ia64.deb
      Size/MD5 checksum:   475118 9672c4a0370689ab46e98bbe4b5abdae

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_mips.deb
      Size/MD5 checksum:   854704 4c88a5d9a1dba0a9b1bff65a873b3088
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_mips.deb
      Size/MD5 checksum:   179932 6eddaad912a230c6b5e8d7b66503a99d
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_mips.deb
      Size/MD5 checksum:   647356 783a1e4fed71df9f0556616b54cb3a93
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_mips.deb
      Size/MD5 checksum:  9301594 fc06728c15469aace7857a24f5fc53ee
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_mips.deb
      Size/MD5 checksum:   175694 1389bf57964bee7e61a49fe148dfd06c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_mips.deb
      Size/MD5 checksum:   435530 6ff83829f607222759f9bc74add7b77e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_mips.deb
      Size/MD5 checksum:   372356 569d451c407c05823032836b2b44d89c

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_mipsel.deb
      Size/MD5 checksum:   854664 4d78fb80f34622cfabd610d707b74ed3
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_mipsel.deb
      Size/MD5 checksum:   180046 e2a0871e9171da32be01adf62ad1d128
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_mipsel.deb
      Size/MD5 checksum:   636224 2476d9168a9dc29ec7c466f87a234dbc
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_mipsel.deb
      Size/MD5 checksum:  9301726 91fbb41f97a05431b3a192b7fb1be1ab
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_mipsel.deb
      Size/MD5 checksum:   175936 bca774cbae1f58760b3e865189615238
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_mipsel.deb
      Size/MD5 checksum:   426980 282f62187b9cd468416f8fd614d4067c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_mipsel.deb
      Size/MD5 checksum:   365596 6a7c6a9c3f466ec1af406bc5c58d8322

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_powerpc.deb
      Size/MD5 checksum:   857324 71e8777c0bd9373b31bafc1aa00c8be0
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_powerpc.deb
      Size/MD5 checksum:   181870 76e72290201ed98010991f3639c6a87e
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_powerpc.deb
      Size/MD5 checksum:   637432 d3d0cf8a8288a340ade551737721ddcf
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_powerpc.deb
      Size/MD5 checksum:  9302318 7574fcc75525c788c93ff3b28b214458
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_powerpc.deb
      Size/MD5 checksum:   176394 9f861a15da4a7d3d460948dce1e97037
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_powerpc.deb
      Size/MD5 checksum:   405822 f84a324e6d6101046dce37495a5fc1db
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_powerpc.deb
      Size/MD5 checksum:   378474 ec5ab7ea0b45d507ad5ffd0bdd91921b

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_s390.deb
      Size/MD5 checksum:   855284 451dd987867f18df691343826ae2f11f
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_s390.deb
      Size/MD5 checksum:   176424 46cc5eddcc876479e988b9e10e879f8c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_s390.deb
      Size/MD5 checksum:   628526 2c75c9e4150a0b8eb0c6446e5d112735
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_s390.deb
      Size/MD5 checksum:  9300942 04eb856a3a44098ea1e483921e272c46
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_s390.deb
      Size/MD5 checksum:   177166 52c5cba6197a33b62c912bfddde59782
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_s390.deb
      Size/MD5 checksum:   401818 b8f39319d247f3aa8077c5cfd308185c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_s390.deb
      Size/MD5 checksum:   391486 24119acc8394847bbde1a957449b0f15

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_sparc.deb
      Size/MD5 checksum:   851414 6da36840b5725d962426971f01e2419c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_sparc.deb
      Size/MD5 checksum:   172124 0ad57992d8e2538850137a3b9580dfc0
    http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_sparc.deb
      Size/MD5 checksum:   584052 69fd3f5d67b2a54b1735414184f6a92c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_sparc.deb
      Size/MD5 checksum:  9298816 2c3e7b1aa338c7fb3d04ce3807ec28bd
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_sparc.deb
      Size/MD5 checksum:   174044 16c23d0e5057d3d852e21ad226601ec2
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_sparc.deb
      Size/MD5 checksum:   389466 45e786e946ddde5fc22c9532a7169f5e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_sparc.deb
      Size/MD5 checksum:   377484 58b6b3b0d422300d241f406f9985cfa9

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Fixing OpenSSL's Heartbleed flaw will take MONTHS, warns Secunia
Even the most secure cloud storage may not be so secure, study finds
Targeted Attack Uses Heartbleed to Hijack VPN Sessions
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.