Linux Security
    Linux Security
    Linux Security

    Debian: ClamAV fix arbitrary code execution DSA-1153-1

    Date 18 Aug 2006
    4811
    Posted By LinuxSecurity Advisories
    Damian Put discovered a heap overflow vulneravility in the UPX unpacker of the ClamAV anti-virus toolkit which could allow remote attackers to execute arbitrary code or cause denial of service.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1153-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                             Martin Schulze
    August 18th, 2006                       https://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : clamav
    Vulnerability  : buffer overflow
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2006-4018
    BugTraq ID     : 19381
    
    Damian Put discovered a heap overflow vulneravility in the UPX
    unpacker of the ClamAV anti-virus toolkit which could allow remote
    attackers to execute arbitrary code or cause denial of service.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 0.84-2.sarge.10.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 0.88.4-0volatile1 in the volatile archive.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 0.88.4-2.
    
    We recommend that you upgrade your clamav packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given at the end of this advisory:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10.dsc
          Size/MD5 checksum:      874 579ac9552dbc0075d4d087042c231804
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10.diff.gz
          Size/MD5 checksum:   176298 01bb523d1fd48f70a3277e12b965d426
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
          Size/MD5 checksum:  4006624 c43213da01d510faf117daa9a4d5326c
    
      Architecture independent components:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.10_all.deb
          Size/MD5 checksum:   154834 aa3600fb1bccc896debdf371c6b94979
        https://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.10_all.deb
          Size/MD5 checksum:   694360 6cd87074ba63f69e7cf065af1665839f
        https://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.10_all.deb
          Size/MD5 checksum:   123846 317f7c5a1fcba2c7502a7011edf07640
    
      Alpha architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_alpha.deb
          Size/MD5 checksum:    74756 ee20948ad40b44d08ea016becd29c59d
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_alpha.deb
          Size/MD5 checksum:    48832 1f24a23e371f0c7cec48123dbc62d87f
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_alpha.deb
          Size/MD5 checksum:  2176454 f76987654e839526da6d30ef50678fee
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_alpha.deb
          Size/MD5 checksum:    42108 ca5ad43ec67d02f425db4cde24ea359c
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_alpha.deb
          Size/MD5 checksum:   255698 b0c02ebb16c838039d25c837887e2b20
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_alpha.deb
          Size/MD5 checksum:   285520 b7e6deae0b3f715ce64bd450fa1bed55
    
      AMD64 architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_amd64.deb
          Size/MD5 checksum:    68854 eeca1c599d8423fedbd7458c2823e675
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_amd64.deb
          Size/MD5 checksum:    44190 a9ffbdbf3145ed7ee1b09f754f6f1cba
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_amd64.deb
          Size/MD5 checksum:  2173266 b2bbfd444309513e0fbb0ffae9f7ca6f
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_amd64.deb
          Size/MD5 checksum:    39992 c69a8afe5eb511d6d8fda40f4430acc4
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_amd64.deb
          Size/MD5 checksum:   176430 114e0b901947b5c05e14863372b20371
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_amd64.deb
          Size/MD5 checksum:   259648 34f48f60ab045c94bccdb2ef545c58bf
    
      ARM architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_arm.deb
          Size/MD5 checksum:    63940 0149c2854989385bc91dd7f3857c22de
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_arm.deb
          Size/MD5 checksum:    39602 3069d8dbd7134cdbe2aafbee73f394eb
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_arm.deb
          Size/MD5 checksum:  2171302 36abc779119678735260f262abd46b14
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_arm.deb
          Size/MD5 checksum:    37320 1a2b2bf609209bf679f1dc0595c014f5
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_arm.deb
          Size/MD5 checksum:   174866 dd1d6ecdae9b72d4370269553de7822c
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_arm.deb
          Size/MD5 checksum:   249684 ea978f5d747b263abbab696f3ee43d84
    
      Intel IA-32 architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_i386.deb
          Size/MD5 checksum:    65192 65526868baf4727a43f50c3fc9d5bfaf
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_i386.deb
          Size/MD5 checksum:    40314 3dcbd76b10f316cb966c9d0481c86d95
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_i386.deb
          Size/MD5 checksum:  2171614 56f381689bb923aff94ea1c089c972e6
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_i386.deb
          Size/MD5 checksum:    38036 0ba3584e974098cacb54356f01ba5b81
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_i386.deb
          Size/MD5 checksum:   159624 f1df89303a47b8feadb0cc34a3af524e
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_i386.deb
          Size/MD5 checksum:   254320 fa8338410aacfed8a7699cb2e89f2f24
    
      Intel IA-64 architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_ia64.deb
          Size/MD5 checksum:    81812 24394b30b3d05645157d681e31e4a334
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_ia64.deb
          Size/MD5 checksum:    55236 0547745bea0ea7c00874cb28bb8c6076
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_ia64.deb
          Size/MD5 checksum:  2180240 bb88c2a0b8d3954e4c8c0bb2eb254626
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_ia64.deb
          Size/MD5 checksum:    49200 e89b9424d435e4b54b5541310df54d18
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_ia64.deb
          Size/MD5 checksum:   252048 307a1171d4d24ec18b405300c8abc8c3
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_ia64.deb
          Size/MD5 checksum:   317632 f26a3c8aa9686fe1325f19ceb21ae876
    
      HP Precision architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_hppa.deb
          Size/MD5 checksum:    68266 53f9a7dc51264112fa03824a6f159a55
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_hppa.deb
          Size/MD5 checksum:    43282 2cd52c92c09be751c18871aa1779e412
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_hppa.deb
          Size/MD5 checksum:  2173738 3b5b881e2c5a9e68ea3ef9181acb8f00
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_hppa.deb
          Size/MD5 checksum:    39448 452a3eca157ec974030633ecd149f1d7
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_hppa.deb
          Size/MD5 checksum:   202646 f11e31f03249e881007664e1fe68e575
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_hppa.deb
          Size/MD5 checksum:   283402 84b6b57ffe3d653db556102896b32d73
    
      Motorola 680x0 architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_m68k.deb
          Size/MD5 checksum:    62518 cc621b1387c92be1ac653e05f3ca5971
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_m68k.deb
          Size/MD5 checksum:    38206 36154fc4bd779e3ab9ac3eb51ea0f833
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_m68k.deb
          Size/MD5 checksum:  2170522 8b576066f0b981f9e55b4400f6ecbe69
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_m68k.deb
          Size/MD5 checksum:    35060 61a22458f305bd2c28834c62cdaa9e9a
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_m68k.deb
          Size/MD5 checksum:   146266 0fbd30a2c656ef6ec0d75c010aedb5a4
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_m68k.deb
          Size/MD5 checksum:   250410 8b804dadd0fc35420d477228d254d543
    
      Big endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_mips.deb
          Size/MD5 checksum:    67948 5c5216d18d7d584a5f0859f0094aa417
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_mips.deb
          Size/MD5 checksum:    43792 512afdde1b2da6791bd463de827449f4
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_mips.deb
          Size/MD5 checksum:  2173022 48dae648fe0713d6afc79127838d5271
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_mips.deb
          Size/MD5 checksum:    37672 e34c78057e3f92367bd8591364550e3c
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_mips.deb
          Size/MD5 checksum:   195464 1fb3cda50e0d5c2db77ae4fb985516e7
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_mips.deb
          Size/MD5 checksum:   257498 0262d853aa80aa7a58d19a2eca3b44e8
    
      Little endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_mipsel.deb
          Size/MD5 checksum:    67554 4185522ad02b337b9da6663cbd1024ac
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_mipsel.deb
          Size/MD5 checksum:    43592 fb26021b07612a92028d8830f6ff3804
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_mipsel.deb
          Size/MD5 checksum:  2173004 9193ea804f2b7c19548417165178ca05
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_mipsel.deb
          Size/MD5 checksum:    37960 2030dcaed3d04a2d7a918940e310d280
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_mipsel.deb
          Size/MD5 checksum:   191886 2b3158916a4251c4d5a5381ebb49c838
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_mipsel.deb
          Size/MD5 checksum:   255096 3bf9a5cee57791754a88bbb96a2c6fc0
    
      PowerPC architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_powerpc.deb
          Size/MD5 checksum:    69290 63e95304cf75bbc09fdcdc74b5065e81
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_powerpc.deb
          Size/MD5 checksum:    44666 000b1226fe5f62d5dab412f302ee2624
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_powerpc.deb
          Size/MD5 checksum:  2173672 d72f0dbd55ddf72f68b7455b39318593
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_powerpc.deb
          Size/MD5 checksum:    38866 3cbd90828e563181db163c8f2be59dbf
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_powerpc.deb
          Size/MD5 checksum:   187672 529b30228ccd9858381953ef29a1a799
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_powerpc.deb
          Size/MD5 checksum:   264866 3b4f8f04c88d0ae27db4c37d43adb7b8
    
      IBM S/390 architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_s390.deb
          Size/MD5 checksum:    67900 6025940acf3fd7317140990d3b767598
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_s390.deb
          Size/MD5 checksum:    43556 9121cc8c74337e8fc8df83b6f4d317aa
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_s390.deb
          Size/MD5 checksum:  2172970 b76417d453c968451ca19abff7f3b1cf
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_s390.deb
          Size/MD5 checksum:    38934 c6ba23cdab5a45fd0ed314ac85537ad6
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_s390.deb
          Size/MD5 checksum:   182620 0d27f0ef5d3e2e530486ec2391f1ee0d
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_s390.deb
          Size/MD5 checksum:   269456 272e24025e52efd9c7b1f41c3f92765e
    
      Sun Sparc architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_sparc.deb
          Size/MD5 checksum:    64430 6a3177a86caaf0b5a1a9709c85e56749
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_sparc.deb
          Size/MD5 checksum:    39468 81982545aa069ecface4252e0892f57e
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_sparc.deb
          Size/MD5 checksum:  2171174 a7f6fb7b6e0948a598d7a85c12c5f1d5
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_sparc.deb
          Size/MD5 checksum:    36856 37da7d38dfbeebdcb933892eb7826cab
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_sparc.deb
          Size/MD5 checksum:   175820 3af502c16ea8a016050d84a24bc9278f
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_sparc.deb
          Size/MD5 checksum:   264768 d9b5237456cfe44294020c771982b8c3
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    Advisories

    LinuxSecurity Poll

    I agree with Linus Torvalds - Apple's new M1-powered laptops should run on Linux.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/45-i-agree-with-linus-torvalds-apple-s-new-m1-powered-laptops-should-run-on-linux?task=poll.vote&format=json
    45
    radio
    [{"id":"158","title":"True","votes":"18","type":"x","order":"1","pct":3.51,"resources":[]},{"id":"159","title":"False","votes":"495","type":"x","order":"2","pct":96.49,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.