Linux Security
    Linux Security
    Linux Security

    Debian: New clamav packages fix potential code execution

    Date 03 Dec 2008
    Posted By LinuxSecurity Advisories
    Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers from an off-by-one-error in its VBA project file processing, leading to a heap-based buffer overflow and potentially arbitrary code execution (CVE-2008-5050).
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1680-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                           Florian Weimer
    December 04, 2008           
    - ------------------------------------------------------------------------
    Package        : clamav
    Vulnerability  : buffer overflow, stack consumption
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2008-5050 CVE-2008-5314
    Debian Bug     : 505134 507624
    Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers
    from an off-by-one-error in its VBA project file processing, leading to
    a heap-based buffer overflow and potentially arbitrary code execution
    Ilja van Sprundel discovered that ClamAV contains a denial of service
    condition in its JPEG file processing because it does not limit the
    recursion depth when processing JPEG thumbnails (CVE-2008-5314).
    For the stable distribution (etch), these problems have been fixed in
    version 0.90.1dfsg-4etch16.
    For the unstable distribution (sid), these problems have been fixed in
    version 0.94.dfsg.2-1.
    The testing distribution (lenny) will be fixed soon.
    We recommend that you upgrade your clamav packages.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    Source archives:
        Size/MD5 checksum: 11610428 6dc18602b0aa653924d47316f9411e49
        Size/MD5 checksum:      908 ebc60299a69aab41dfdb77e667e2857c
        Size/MD5 checksum:   216130 5ae1da1b6351a13b5c385919960ca9b7
    Architecture independent packages:
        Size/MD5 checksum:   201408 63e3898029276baf914fafa347747996
        Size/MD5 checksum:  1003722 5d316f2ea821b441971b0e05e58e481d
        Size/MD5 checksum:   158564 189a55ca25bdf9e03a0ae3b9f4a565e9
    alpha architecture (DEC Alpha)
        Size/MD5 checksum:   373052 b59a6787be52e776d3b6238bac4e7fff
        Size/MD5 checksum:   182812 289769066d1883af6c455255725c1c81
        Size/MD5 checksum:  9305338 e2d5290afa1484ffc3ee6abfc99a7e5f
        Size/MD5 checksum:   465410 ad42ee7f6355353575f05de54d67fa2b
        Size/MD5 checksum:   598714 6f862583fe87d09e3c3a3c288c75a787
        Size/MD5 checksum:   180954 7122cfc98ec69b5b012d9794dc3f44cd
        Size/MD5 checksum:   862390 df3cb4e88d62cbc641d1c48c14d5c551
    amd64 architecture (AMD x86_64 (AMD64))
        Size/MD5 checksum:   856672 bc8b467814eb5b76b6a165ee7abbbb7d
        Size/MD5 checksum:   177968 c2aa51b550584931f3f1b7b1f6df6508
        Size/MD5 checksum:  9302094 cd9f623cfb4f23d1777cf21e830d74b2
        Size/MD5 checksum:   355706 e0db968192096ac9215ab676b5750c7d
        Size/MD5 checksum:   179200 99ba1e041488e76a7d6e457ed51536f0
        Size/MD5 checksum:   341684 6207bf783731c636eaa192d696466a88
        Size/MD5 checksum:   594608 5e87c000b193a1d25e03580496b91fc2
    hppa architecture (HP PA RISC)
        Size/MD5 checksum:   178252 a2dadc8689fd265609265d65f9ba5cf7
        Size/MD5 checksum:   178500 e26b37f74b35c6128654305c2d8f68eb
        Size/MD5 checksum:   373174 c8815805d7a9cf555a1611b7314cbe93
        Size/MD5 checksum:   573090 724ad2d96fcd7b80e7a1c8c090fb9b04
        Size/MD5 checksum:  9303992 c463499f12992880b420a015b1bd5d9a
        Size/MD5 checksum:   857738 1ebd69a77c29a7fc69f02b27b2dad3e6
        Size/MD5 checksum:   396534 d889914674f27507e6ca759d78d22995
    i386 architecture (Intel ia32)
        Size/MD5 checksum:   338494 19d7a1f5ba21bb2ea6ef65477559f94e
        Size/MD5 checksum:  9299810 7128061759b66acac727697fe89b64f1
        Size/MD5 checksum:   176040 be3736249dbc666ba1319b1c90846f6c
        Size/MD5 checksum:   561386 c9d821e32d55ef4a6a2ff6c53dfe5144
        Size/MD5 checksum:   855774 4d455d6519fb958ca80ccd64cf002733
        Size/MD5 checksum:   173110 19bb9a435ec67992ec1f64117bbe4ad5
        Size/MD5 checksum:   340104 febee614772fbd5bf27f05f121651a20
    ia64 architecture (Intel ia64)
        Size/MD5 checksum:   879178 e54e7a00d6997145abf9d0fd29125122
        Size/MD5 checksum:   611950 4688c0588b2c0289f7d1d1661afab75f
        Size/MD5 checksum:  9316052 a7621f1da45dc360701bb220375f75fa
        Size/MD5 checksum:   202432 97d25289436bab9657006c5a3111a46b
        Size/MD5 checksum:   192686 f749efd1adaa69f02cf333b59c1f8fe0
        Size/MD5 checksum:   466144 808f94a059ba40b6fb07d9455d09f6aa
        Size/MD5 checksum:   428106 1be6f7d9cdc26e37f306cf1b17d465ac
    mips architecture (MIPS (Big Endian))
        Size/MD5 checksum:   179864 87927a28c832d9591e72b57949c1dc6e
        Size/MD5 checksum:   600956 8e9a4325b6fca6a1233fa9fd0ca0555c
        Size/MD5 checksum:   855252 f6e1334c499c80f63aed3d29e44ae1bf
        Size/MD5 checksum:   398728 e6cd9d013cc52be551eba54b2720b983
        Size/MD5 checksum:   175734 a9282395129b667acb155dbcc2a0b93c
        Size/MD5 checksum:   343690 1c91c1d31700a461afc165781ae2f090
        Size/MD5 checksum:  9301736 4bc34b6d01389eb060b31952c2b1b27b
    powerpc architecture (PowerPC)
        Size/MD5 checksum:  9303100 e98394d3111c5ff1c612fb3e92a0f8b9
        Size/MD5 checksum:   857964 eda098ba91e370a95e9259b651fb684b
        Size/MD5 checksum:   177148 8b6840ca3ddf149b2dfa0c20112b63fd
        Size/MD5 checksum:   182514 e26515d0a92e205bca5d7e4438c51589
        Size/MD5 checksum:   350804 ab54eeb5d022ae08535dd90c9b5df157
        Size/MD5 checksum:   372856 999347aba8ba2a6481c33d0656aeaad3
        Size/MD5 checksum:   592144 305ef279c3840eb9fb3df233ed258333
    s390 architecture (IBM S/390)
        Size/MD5 checksum:   177908 d4a05f341abba5d5de91e328d841518d
        Size/MD5 checksum:   177060 4762fb05719e9ce0cb1ed3cad9c57960
        Size/MD5 checksum:  9301758 1bd5836e2d661378dfa9f4cf9f41091a
        Size/MD5 checksum:   370338 fa23bc8ee8d3f0d85b8b03d933398edb
        Size/MD5 checksum:   582564 a6ee552708c64b6d9dd0b891cc5fb797
        Size/MD5 checksum:   361764 06046ba7e4a989592a2ccca18a6f04a1
        Size/MD5 checksum:   855966 fab4913131e36fb3ee0619e516d60a41
    sparc architecture (Sun SPARC/UltraSPARC)
        Size/MD5 checksum:   349588 6dfb12eb76d35c2d91ae4e6ff1d516e1
        Size/MD5 checksum:  9298888 ec04c3d9ce44da80eeca6795d695d061
        Size/MD5 checksum:   357982 cfade6599939f4f83038e5334eaa3a2d
        Size/MD5 checksum:   542512 ffedc011073a2e0b2028bc700361e949
        Size/MD5 checksum:   852672 197bb1d08bea1ed5826bba231c54e99f
        Size/MD5 checksum:   174792 c7136015088cbdc0f3d74769b4c46efb
        Size/MD5 checksum:   172304 fc4153b27a708f0906ee7c041b67f81b
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"8","type":"x","order":"1","pct":27.59,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":20.69,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":51.72,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    You have already voted for this poll.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.