Debian: clamav fix denial of service DSA-1616-2
July 26, 2008
Damian Put discovered a vulnerability in the ClamAV anti-virus
toolkit's parsing of Petite-packed Win32 executables
Summary
Severity
- ------------------------------------------------------------------------Debian Security Advisory DSA-1616-2 security@debian.org
http://www.debian.org/security/ Devin Carraway
July 26, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------Package : clamav
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-2713
Debian Bug : 490925
This update corrects a packaging and build error in the packages
released in DSA-1616-1. Those packages, while functional, did not
actually apply the fix intended. This update restores the fix
to the package build; no other changes are introduced. For
reference, the text of the original advisory follows.
Damian Put discovered a vulnerability in the ClamAV anti-virus
toolkit's parsing of Petite-packed Win32 executables. The weakness
leads to an invalid memory access, and could enable an attacker to
crash clamav by supplying a maliciously crafted Petite-compressed
binary for scanning. In some configurations, such as when clamav
is used in combination with mail servers, this could cause a system
to "fail open," facilitating a follow-on viral attack.
The Common Vulnerabilities and Exposures project identifies this
weakness as CVE-2008-2713.
For the stable distribution (etch), this problem has been fixed in
version 0.90.1dfsg-3.1+etch14. For the unstable distribution (sid),
the problem has been fixed in version 0.93.1.dfsg-1.1.
We recommend that you upgrade your clamav packages.
Upgrade instructions
- --------------------wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------Debian (stable)
- ---------------Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
Size/MD5 checksum: 11610428 6dc18602b0aa653924d47316f9411e49
Size/MD5 checksum: 212774 199de1c758a33edf439dde87ae569bac
Size/MD5 checksum: 906 71a4fbac6552c6a24d1a0e2c4ca1c7da
Architecture independent packages:
Size/MD5 checksum: 1006914 a5feccd106ffa258beae4901d25db623
Size/MD5 checksum: 158430 bbc7804704709ae18176c737c0b134e9
Size/MD5 checksum: 201298 868f961ab7554df5417736f335aa488d
alpha architecture (DEC Alpha)
Size/MD5 checksum: 182644 8e84fae267fb377cabf7317d2f44c692
Size/MD5 checksum: 9305178 b750c3292f0e7d1cdb56238683571734
Size/MD5 checksum: 597516 fc362f29653a1f7b4502ad194b67b847
Size/MD5 checksum: 862222 7efe4391739d6a09c405b18d29f3044a
Size/MD5 checksum: 465260 b63d35f63e5aaf44156887abd1d1459e
Size/MD5 checksum: 372814 60af231db0dff0eaff0a672263dfcd7d
Size/MD5 checksum: 180822 e63e83fef5fecfe72af5ec219de783b0
amd64 architecture (AMD x86_64 (AMD64))
Size/MD5 checksum: 341534 6c0bc2832930b33660a112bf19935a83
Size/MD5 checksum: 857172 a48f0ceee8dfcc931f644c8ce1e6f538
Size/MD5 checksum: 177770 4207030fd20cca2180859ec443f0a0f1
Size/MD5 checksum: 178482 03f5be30b79ef71176f6ae719401f436
Size/MD5 checksum: 594702 3abad9e4419716ab642f8c017559bb6a
Size/MD5 checksum: 9301618 1bcd0de2457edd37d6ffc3b0903696b1
Size/MD5 checksum: 355674 0ae17bf7e335891cdbeeb4b60be92632
arm architecture (ARM)
Size/MD5 checksum: 171748 3ed60880f21579874b4ad6a9e015f68a
Size/MD5 checksum: 9299608 7e9e3f4609257394f40b2d6857474064
Size/MD5 checksum: 335664 db92882e9aa7b6ca64da3cf9891449d2
Size/MD5 checksum: 853812 c38d6afa529c6436676e53ccba32ec2f
Size/MD5 checksum: 336382 644bcae8f4c896753dad02f1b2009d1a
Size/MD5 checksum: 175872 10d4176f16d8be11a06b6146c7779109
Size/MD5 checksum: 554138 95ffde3c2906b6841b27434853f079f2
hppa architecture (HP PA RISC)
Size/MD5 checksum: 178090 8991c9cc08ee36c63edf94008acfa594
Size/MD5 checksum: 9303416 4bc7ace973a6d7b38a8b51f61c85aefb
Size/MD5 checksum: 572296 49cc89497b0f53af36fe674baf3137b5
Size/MD5 checksum: 856748 f55ee39b6d74332e7445052c40dfdb03
Size/MD5 checksum: 177814 8909ac03518b4a5f3c32e64ca1788dc1
Size/MD5 checksum: 372458 07afbcca403412e6d15d605084fe5dc9
Size/MD5 checksum: 396254 4af9d29063c5d7e69c4ab9f338c0394c
i386 architecture (Intel ia32)
Size/MD5 checksum: 175282 424fa862dad29ea379904129391e41d1
Size/MD5 checksum: 338196 cf2864c712dfbfc8b69c9b1273175fb3
Size/MD5 checksum: 175836 090d742a6210c51592fe1ecc280c8b39
Size/MD5 checksum: 853006 1533b5f937508351cebf4fea531d06a5
Size/MD5 checksum: 559576 7617c8c357f9f6e3727dedc3df01663e
Size/MD5 checksum: 339726 e90b7aca9c23b8f7806db6140585b753
Size/MD5 checksum: 9299954 ed782c4d674b7dabc492a81c886be34c
ia64 architecture (Intel ia64)
Size/MD5 checksum: 9315878 7e185a585d7847067b2b8ab671f0c2dc
Size/MD5 checksum: 879008 930ead56956e3b853a9ac95f321451fd
Size/MD5 checksum: 427704 a9b75983eef41d65d0a55fc4e60465bc
Size/MD5 checksum: 192526 559aecb601fea34925ad47915c835475
Size/MD5 checksum: 610678 6f56f8a76b88dde718029ce0e8c3eb07
Size/MD5 checksum: 465838 8f8cb866007dbec4079c77ea6bac0319
Size/MD5 checksum: 202260 36c874543c4b57ccf087701b9afcbf43
mips architecture (MIPS (Big Endian))
Size/MD5 checksum: 9301614 51ef706f4e02abf651bb5f204d78cb25
Size/MD5 checksum: 179662 91c4d43018b2578afcfa691a362766fd
Size/MD5 checksum: 855158 0d1392dbda84cfc0ddb85980f691efc4
Size/MD5 checksum: 343444 0566593cd104727051462bdfca0a737f
Size/MD5 checksum: 599850 2c32b41dc36d46c2284a059246bc81e8
Size/MD5 checksum: 175536 535b43fc2080b1e154f5fbc45067e102
Size/MD5 checksum: 398480 a034805b291260d2c65071cd9019e762
mipsel architecture (MIPS (Little Endian))
Size/MD5 checksum: 855196 fe395546187d33676b2e52d8ae6311c7
Size/MD5 checksum: 176512 fffe8e028d63a4d60d09fe2fa779ad09
Size/MD5 checksum: 389714 8baf3767f9c032cbb8d41ae765a04129
Size/MD5 checksum: 9302090 64a4984f8215b36ec199bd62ce43e5e1
Size/MD5 checksum: 180540 86cb92398f1de1d910e99f2c8dafaef5
Size/MD5 checksum: 590596 80bc2c27892e72164d4e2979ef7c9a8c
Size/MD5 checksum: 336880 a64b54f0c011823596e81f676ec30535
powerpc architecture (PowerPC)
Size/MD5 checksum: 176940 d165050c2dda9b0c04173a600670dc60
Size/MD5 checksum: 9302922 4ce517ac4194aee7413166bc5e3a3c55
Size/MD5 checksum: 372472 304f0d7daf701aeb080c57e803614bdd
Size/MD5 checksum: 590982 79f675fd08cdef59591b73ddb756b57d
Size/MD5 checksum: 857860 499b3df5f4a3a75219cae4fcbe7de74d
Size/MD5 checksum: 350472 790d98cebecfcf302578f259d3db4944
Size/MD5 checksum: 182340 4bc61a48fc1cba04e41fbfcee0e6153f
s390 architecture (IBM S/390)
Size/MD5 checksum: 855798 c48dfd49d40a99a8e6a422e7c4d57958
Size/MD5 checksum: 581570 8e91584fcd401c6aa4fd423fc66c5804
Size/MD5 checksum: 177732 37fb6afe5c9b497d7807d7ba9de7c60e
Size/MD5 checksum: 370092 2bf800750709e2a85ab0c8d20120dd35
Size/MD5 checksum: 9301540 a7faa325d0520f0e3fa6cb6388817354
Size/MD5 checksum: 176904 49de4354abb82882b316c7eaa951f634
Size/MD5 checksum: 361538 041f98e36b075c2124a13ca7d821ec27
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 851954 84e5342b68218f68c4f9098d6854a812
Size/MD5 checksum: 349302 2ac1912b054a77725c26e1126cef9396
Size/MD5 checksum: 357818 d3d49289c7448b2ab8144519fb09d2dc
Size/MD5 checksum: 540964 902c896aea414d26ba171f24ebf7f9d7
Size/MD5 checksum: 9299278 4a00f95c77563140ea860f62d49feb9c
Size/MD5 checksum: 174636 b72067dd6e27fcefe97ace2a0911f05c
Size/MD5 checksum: 172690 d6fa013c61cc962447de1c4f85c78927
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
