Debian: ClamAV fix arbitrary code execution DSA-1153-1

    Date 18 Aug 2006
    Posted By LinuxSecurity Advisories
    Damian Put discovered a heap overflow vulnerability in the UPX unpacker of the ClamAV anti-virus toolkit which could allow remote attackers to execute arbitrary code or cause denial of service.
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 1153-1                          Martin Schulze
    August 18th, 2006
    --------------------------------------------------------------------------
    Package        : clamav
    Vulnerability  : buffer overflow
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2006-4018
    BugTraq ID     : 19381
    Damian Put discovered a heap overflow vulnerability in the UPX
    unpacker of the ClamAV anti-virus toolkit which could allow remote
    attackers to execute arbitrary code or cause denial of service.
    For the stable distribution (sarge) this problem has been fixed in
    version 0.84-2.sarge.10.
    For the stable distribution (sarge) this problem has been fixed in
    version 0.88.4-0volatile1 in the volatile archive.
    For the unstable distribution (sid) this problem has been fixed in
    version 0.88.4-2.
    We recommend that you upgrade your clamav packages.
    Upgrade Instructions
    --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given at the end of this advisory:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.1 alias sarge
    --------------------------------
      These files will probably be moved into the stable distribution on
      its next update.
    ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main