Linux Security
    Linux Security
    Linux Security

    Debian: ClamAV fix denial of service DSA-824-1

    Date 29 Sep 2005
    6657
    Posted By LinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 824-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                             Martin Schulze
    September 29th, 2005                    https://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : clamav
    Vulnerability  : infinite loop, buffer overflow
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CAN-2005-2919 CAN-2005-2920
    Debian Bug     : 328660
    
    Two vulnerabilities have been discovered in Clam AntiVirus, the
    antivirus scanner for Unix, designed for integration with mail servers
    to perform attachment scanning.  The following problems were
    identified:
    
    CAN-2005-2919
    
        A potentially infinite loop could lead to a denial of service.
    
    CAN-2005-2920
    
        A buffer overflow could lead to a denial of service.
    
    The old stable distribution (woody) does not contain ClamAV packages.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 0.84-2.sarge.4.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 0.87-1.
    
    We recommend that you upgrade your clamav package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4.dsc
          Size/MD5 checksum:      872 1a1aaa3318ae10c6806f582588e307bb
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4.diff.gz
          Size/MD5 checksum:   175215 e44e7c828b916a87c94985cf8eae3d13
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
          Size/MD5 checksum:  4006624 c43213da01d510faf117daa9a4d5326c
    
      Architecture independent components:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.4_all.deb
          Size/MD5 checksum:   154302 764277db36650876f13658e2e5f0751b
        https://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.4_all.deb
          Size/MD5 checksum:   689924 e5aba73a0a6f949f7ddf2e6efa6b0aeb
        https://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.4_all.deb
          Size/MD5 checksum:   123298 5792bbcedba7c7b19b118976c23d7dff
    
      Alpha architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_alpha.deb
          Size/MD5 checksum:    74672 e6725d68591dd710cce840b8020647c9
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_alpha.deb
          Size/MD5 checksum:    48792 ab341735b610360d211d93aae21f8c04
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_alpha.deb
          Size/MD5 checksum:  2176364 57135c04ea09bb8571e1fcb31db492e0
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_alpha.deb
          Size/MD5 checksum:    42112 d9881a7457c16df6c279e3de6715a8c1
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_alpha.deb
          Size/MD5 checksum:   254516 d8dff4ba494bb9dcfa1a2be51c0b3a8c
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_alpha.deb
          Size/MD5 checksum:   283868 4cf4e2c9a673c679af6d53cd19fd86e2
    
      AMD64 architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_amd64.deb
          Size/MD5 checksum:    68858 e1cf55557564afe9eb85b8028ed95576
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_amd64.deb
          Size/MD5 checksum:    44188 f043d16b9b1fa8755fb27b97b24bfa6c
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_amd64.deb
          Size/MD5 checksum:  2173194 9c1766d7351dea3e1c6529b77c03e3e4
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_amd64.deb
          Size/MD5 checksum:    40006 2407a0b2ca24d6bf745c2bd9c509a7e8
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_amd64.deb
          Size/MD5 checksum:   175354 2fb4df2228763488f9fbb5b6ae52d38e
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_amd64.deb
          Size/MD5 checksum:   257910 ce9eef9c38187a70582528ef6a99f9e6
    
      ARM architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_arm.deb
          Size/MD5 checksum:    63824 d6cb239e323084cfc6b5a30f36a52c01
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_arm.deb
          Size/MD5 checksum:    39520 76997f2c09141dfc517570f0c0f77598
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_arm.deb
          Size/MD5 checksum:  2171212 6b64588c64a58e275b226a8289cbffd3
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_arm.deb
          Size/MD5 checksum:    37304 8f29746edb67c02477b662b473ac4234
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_arm.deb
          Size/MD5 checksum:   173526 02a315f3ad72931252a2fcfaf7682561
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_arm.deb
          Size/MD5 checksum:   248328 7de5f21da6ebd76b9e6bce64b1935df9
    
      Intel IA-32 architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_i386.deb
          Size/MD5 checksum:    65124 f53eadb97b80d0b2f7c8a8f6d15c7fcc
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_i386.deb
          Size/MD5 checksum:    40194 11affc953259da108bb6ac9015703c9a
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_i386.deb
          Size/MD5 checksum:  2171518 136c46a06385fbb5e8d896d642bc0f05
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_i386.deb
          Size/MD5 checksum:    38030 ef402381cb175820ea4b0c01d2974b54
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_i386.deb
          Size/MD5 checksum:   158546 89741c1bf059281f1ca2aa0dd7f40861
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_i386.deb
          Size/MD5 checksum:   252594 60e13cb2197362fbda1d8d122b841cfe
    
      Intel IA-64 architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_ia64.deb
          Size/MD5 checksum:    81706 8267ad55e4b5b58bf80911973a635e02
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_ia64.deb
          Size/MD5 checksum:    55102 f90bc4bac2fed23429feecdbe92fb850
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_ia64.deb
          Size/MD5 checksum:  2180084 0200268cac161cc694f2eb87e050521a
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_ia64.deb
          Size/MD5 checksum:    49208 f143c1c98036aa4d404c8c9c9b533e33
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_ia64.deb
          Size/MD5 checksum:   250412 12a7b80cc296d1825ff40c297f7b2592
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_ia64.deb
          Size/MD5 checksum:   315812 a8e46a8c22ab740d51b80da4edcbde8d
    
      HP Precision architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_hppa.deb
          Size/MD5 checksum:    68182 9b08058ca6bdfc769a091c7c89a7ce64
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_hppa.deb
          Size/MD5 checksum:    43234 4ebf553bf0a02e8179260d04c7dd7238
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_hppa.deb
          Size/MD5 checksum:  2173616 d8d57d8b12fddd5c9ea61b5affdfb34e
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_hppa.deb
          Size/MD5 checksum:    39450 adffa3c170aea391e410e997f57cf535
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_hppa.deb
          Size/MD5 checksum:   201266 29b0927ba2b89df397423e6e520cfa1f
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_hppa.deb
          Size/MD5 checksum:   281814 4916e2bb671314195cf51e50c375101d
    
      Motorola 680x0 architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_m68k.deb
          Size/MD5 checksum:    62456 f83ffc5a1b29336b95d29480976f3229
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_m68k.deb
          Size/MD5 checksum:    38072 237a81f8ae94f568a7ab288b01d7294b
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_m68k.deb
          Size/MD5 checksum:  2170454 38f3c19b1d3600361a3eff93b2c08924
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_m68k.deb
          Size/MD5 checksum:    35068 d54fa55db1fe03921ce0e080946a3006
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_m68k.deb
          Size/MD5 checksum:   145372 27ff086da84d8b2b7e1a7b5e0ec6faad
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_m68k.deb
          Size/MD5 checksum:   249018 8ec76ffcdd22dc2216b29c0a5b0967b2
    
      Big endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_mips.deb
          Size/MD5 checksum:    67858 ff8ac22975ec3987744b41635334032a
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_mips.deb
          Size/MD5 checksum:    43674 3672906fe3fde3bc7a94ad54c47d07d4
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_mips.deb
          Size/MD5 checksum:  2172970 a8580f8e196acba4d9d625c4cc423338
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_mips.deb
          Size/MD5 checksum:    37670 ccdc395e404f330c20598d5b02ddaf49
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_mips.deb
          Size/MD5 checksum:   194320 bb910353a34fea0942afab88a31d7dea
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_mips.deb
          Size/MD5 checksum:   256088 7ec97820fa2470e7b58bf2d3b7d5c696
    
      Little endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_mipsel.deb
          Size/MD5 checksum:    67478 b78451c1753da62285c74c07e0fe263f
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_mipsel.deb
          Size/MD5 checksum:    43488 06e92d862ef6cd8a6ecd20f3537c4d7b
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_mipsel.deb
          Size/MD5 checksum:  2172916 f5a1eee003eb3995b97fe10b4ea09809
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_mipsel.deb
          Size/MD5 checksum:    37958 6cdc8361e786e419383ca407b287c65b
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_mipsel.deb
          Size/MD5 checksum:   190670 c464b1c69c97529361b0317d5db6fdc5
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_mipsel.deb
          Size/MD5 checksum:   253560 b892c53f46239ed94dc23d74c7958b06
    
      PowerPC architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_powerpc.deb
          Size/MD5 checksum:    69226 dd9cc43999a009d6df890de345a692cd
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_powerpc.deb
          Size/MD5 checksum:    44584 58799c4b2e083df36b7a70d6b084d026
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_powerpc.deb
          Size/MD5 checksum:  2173556 bb02308f91a0b63bb560db20973d28f7
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_powerpc.deb
          Size/MD5 checksum:    38876 09a8c78537033a725fba8214735b5882
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_powerpc.deb
          Size/MD5 checksum:   186618 459c027d740cf25932665586f55a68ff
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_powerpc.deb
          Size/MD5 checksum:   263206 5a0fa00dd636ae40a62f0e02d63bc19b
    
      IBM S/390 architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_s390.deb
          Size/MD5 checksum:    67772 1ec4fd75cf9b37c1b124e14cad82d75e
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_s390.deb
          Size/MD5 checksum:    43434 1e0ce0535300f7176e550df27af61097
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_s390.deb
          Size/MD5 checksum:  2172868 3884882c922c7a32b4d486545400b384
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_s390.deb
          Size/MD5 checksum:    38934 a85a83dfd24e7fd3ebb8236782273c36
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_s390.deb
          Size/MD5 checksum:   181596 c419b59dc3bad8208f6d0c4ff9248e13
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_s390.deb
          Size/MD5 checksum:   267778 00ea85457a4457d7539f9e939fa38524
    
      Sun Sparc architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_sparc.deb
          Size/MD5 checksum:    64334 9e1a24f503ce5d8ef70798f0dad6714a
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_sparc.deb
          Size/MD5 checksum:    39392 7eaf2f1afd3bd2ab143f5b5f78cdd51b
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_sparc.deb
          Size/MD5 checksum:  2171076 e9e6a7aa3e48315dd9905e407ed6b969
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_sparc.deb
          Size/MD5 checksum:    36854 1d81507b5ee8ae42506dad08b6a9a452
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_sparc.deb
          Size/MD5 checksum:   174900 a6a7fcfed104d7351832f7eba3b5e6b1
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_sparc.deb
          Size/MD5 checksum:   263458 4f26cd6ff0466652766d7ce5ae183a63
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.