Linux Security
    Linux Security
    Linux Security

    Debian: New clamav packages fix several vulnerabilities

    Date 05 Apr 2006
    3772
    Posted By LinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1024-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                         Moritz Muehlenhoff
    April 5th, 2006                         https://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : clamav 
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2006-1614 CVE-2006-1615 CVE-2006-1630
    
    Several remote vulnerabilities have been discovered in the ClamAV
    anti-virus toolkit, which may lead to denial of service and potentially
    to the execution of arbitrary code. The Common Vulnerabilities and
    Exposures project identifies the following problems:
    
    CVE-2006-1614
    
        Damian Put discovered an integer overflow in the PE header parser.
        This is only exploitable if the ArchiveMaxFileSize option is disabled.
    
    CVE-2006-1615
    
        Format string vulnerabilities in the logging code have been discovered,
        which might lead to the execution of arbitrary code.
    
    CVE-2006-1630
        
        David Luyer discovered, that ClamAV can be tricked into an invalid
        memory access in the cli_bitset_set() function, which may lead to
        a denial of service.
    
    The old stable distribution (woody) doesn't contain clamav packages.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 0.84-2.sarge.8.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 0.88.1-1.
    
    We recommend that you upgrade your clamav package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8.dsc
          Size/MD5 checksum:      872 ab3b8945329f3ead12e0bc4665a7b1c8
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8.diff.gz
          Size/MD5 checksum:   175767 1c70e8d67a61d49a51ffd11e2574323b
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
          Size/MD5 checksum:  4006624 c43213da01d510faf117daa9a4d5326c
    
      Architecture independent components:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.8_all.deb
          Size/MD5 checksum:   154760 d5856a0d9cc9d79842e840417e6eddea
        https://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.8_all.deb
          Size/MD5 checksum:   694302 0c2adbade7ac8834f17cd93b2bb2d04a
        https://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.8_all.deb
          Size/MD5 checksum:   123772 bb7b5e11599fbc3626561334a4cc3b41
    
      Alpha architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_alpha.deb
          Size/MD5 checksum:    74762 8f4e4c084200e30791eb02cc82b94a7d
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_alpha.deb
          Size/MD5 checksum:    48838 87a9f130d2f8b196d2705d3f5f9652c9
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_alpha.deb
          Size/MD5 checksum:  2176362 a5d414c3933204fca40fdc65a631bf85
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_alpha.deb
          Size/MD5 checksum:    42116 0dd5f21866df4fb3103eef16f699b63b
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_alpha.deb
          Size/MD5 checksum:   255666 ee3063a5b42e80426680a4d3a6548742
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_alpha.deb
          Size/MD5 checksum:   285526 8b60096789652370a9c1eb23426de0fb
    
      AMD64 architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_amd64.deb
          Size/MD5 checksum:    68836 759081eefaefe1fbbe20b54b32c731f9
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_amd64.deb
          Size/MD5 checksum:    44190 750a423f1cebbb0e307fcbbd20fa2a52
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_amd64.deb
          Size/MD5 checksum:  2173214 2ba25c51303c97a105f8d38953bf3387
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_amd64.deb
          Size/MD5 checksum:    40006 0456d63d7fb286a73036df807e0e1b9c
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_amd64.deb
          Size/MD5 checksum:   176430 3b2092a8a89d581692bd26ba4e249524
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_amd64.deb
          Size/MD5 checksum:   259636 de8ff1433bfd159c83eaf40fcbb5a9c3
    
      ARM architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_arm.deb
          Size/MD5 checksum:    63914 950154f957a11c66fc2c7528abe1f80c
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_arm.deb
          Size/MD5 checksum:    39592 bc92d523a15df87c66df15165815f684
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_arm.deb
          Size/MD5 checksum:  2171222 91e209cec252cd6e3303dbb15e61f38c
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_arm.deb
          Size/MD5 checksum:    37310 8de5836510b35692e52ad04ff7e99909
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_arm.deb
          Size/MD5 checksum:   174784 916270130f4ae7f8d19476e8ed2696bb
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_arm.deb
          Size/MD5 checksum:   249626 6239b4680637783bc25da305a5840c97
    
      Intel IA-32 architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_i386.deb
          Size/MD5 checksum:    65186 075b0a1e041ef16465f747e8615478eb
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_i386.deb
          Size/MD5 checksum:    40306 186f3f67d4e01eefa9bd4de61cbc7597
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_i386.deb
          Size/MD5 checksum:  2171576 447093a4486b108a86daa3b1fb05df01
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_i386.deb
          Size/MD5 checksum:    38028 a3b09e4e355290b59442c4f55a221fc6
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_i386.deb
          Size/MD5 checksum:   159538 61d3a1e151a892a93ff59b5e32406e44
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_i386.deb
          Size/MD5 checksum:   254266 00e35cca8aa52ca3025881de3ee6b843
    
      Intel IA-64 architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_ia64.deb
          Size/MD5 checksum:    81818 84308736db6948a227fee4d603d5e9c3
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_ia64.deb
          Size/MD5 checksum:    55238 5b0c1145c0c7df81cef8ef147d6a67fb
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_ia64.deb
          Size/MD5 checksum:  2180132 15de24581d6bd4237cc6e629b8fe2129
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_ia64.deb
          Size/MD5 checksum:    49192 6423e0364941f3fd5a0a94db3a41cbc0
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_ia64.deb
          Size/MD5 checksum:   252030 2b27bb90564d6d11a1ab7433878cfe2a
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_ia64.deb
          Size/MD5 checksum:   317596 7194c5171e051cec740d3e26b8ac1921
    
      HP Precision architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_hppa.deb
          Size/MD5 checksum:    68280 fab75c3065bc0daef29c03de7eb95616
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_hppa.deb
          Size/MD5 checksum:    43290 8fb3f438a608a015394dc63c2e2262b7
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_hppa.deb
          Size/MD5 checksum:  2173664 6ac357059b165b64597b4298f2eb7c53
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_hppa.deb
          Size/MD5 checksum:    39452 22c7fc2ead648754db1280ed45382f0c
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_hppa.deb
          Size/MD5 checksum:   202622 60c9ecb6f7de4f23d81f3a60a6f86af8
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_hppa.deb
          Size/MD5 checksum:   283312 92eec506c9c9c6c3e75f0180c83d9700
    
      Motorola 680x0 architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_m68k.deb
          Size/MD5 checksum:    62522 caaba4e546fa8c4bed7c6f43004cb5ab
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_m68k.deb
          Size/MD5 checksum:    38208 176ca281e6004227c266b31dc8ba8b47
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_m68k.deb
          Size/MD5 checksum:  2170472 090cb28e973bde8ab2d44fdf348ea3ad
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_m68k.deb
          Size/MD5 checksum:    35068 80e3b711fa0b3c7b6eb481b76bbc0c96
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_m68k.deb
          Size/MD5 checksum:   146248 8f95efb7f3ac12667fedf66014107fcd
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_m68k.deb
          Size/MD5 checksum:   250348 2cf8b9fdfcdaaf51e9ea2e3695e6d0e4
    
      Big endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_mips.deb
          Size/MD5 checksum:    67952 5576ba2f730b4a4e73c08d85956a0fe1
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_mips.deb
          Size/MD5 checksum:    43782 b93619f9da106b1ecbfb405ee022c1ee
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_mips.deb
          Size/MD5 checksum:  2172990 85507c94a036d0c39fb1c645bb050512
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_mips.deb
          Size/MD5 checksum:    37678 5a8947a6f3c6ba9c7c307c0fd48050dc
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_mips.deb
          Size/MD5 checksum:   195428 c8b23ed440bccb7d24fd809f96daad87
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_mips.deb
          Size/MD5 checksum:   257460 3538a15689317678f878c28b1ab89d38
    
      Little endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_mipsel.deb
          Size/MD5 checksum:    67556 0547466b220feec6a84bb78803604cde
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_mipsel.deb
          Size/MD5 checksum:    43580 524a0264d0a5fbb55ee3f97bec588a27
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_mipsel.deb
          Size/MD5 checksum:  2172940 8823057cd5d1aa1a0c2b1bbab22f0e37
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_mipsel.deb
          Size/MD5 checksum:    37962 cae611d3f09c245cb58e4605d9d59702
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_mipsel.deb
          Size/MD5 checksum:   191858 a0760438641ec43b77b19e2884c94e96
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_mipsel.deb
          Size/MD5 checksum:   255080 0e54a23a6c5ecf5c7a5a47772cda3c78
    
      PowerPC architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_powerpc.deb
          Size/MD5 checksum:    69288 f057daede2d7b7123681918d177ce539
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_powerpc.deb
          Size/MD5 checksum:    44674 59aefa09eaf2445d8359f0e420602be6
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_powerpc.deb
          Size/MD5 checksum:  2173578 af9dec3e7e471453ec51bcf48ce266d8
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_powerpc.deb
          Size/MD5 checksum:    38870 bf9fe9d09d8da16d71d29257b25c3831
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_powerpc.deb
          Size/MD5 checksum:   187656 71a796fc913828ce8533e26133dc5905
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_powerpc.deb
          Size/MD5 checksum:   264812 d1c3dd57001bda9bcd7e069d2d5fe4fb
    
      IBM S/390 architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_s390.deb
          Size/MD5 checksum:    67904 9b1b8122712a2dd196766ebf29b5489a
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_s390.deb
          Size/MD5 checksum:    43576 0794d581c44455ab27f08d81e55603c4
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_s390.deb
          Size/MD5 checksum:  2172900 d2ac57b7351650121ed6d3eb956e5ca4
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_s390.deb
          Size/MD5 checksum:    38936 83eeff4b13a29ff65228c1b6a1ceb630
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_s390.deb
          Size/MD5 checksum:   182596 38d749ca8410825c236a506d5948a823
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_s390.deb
          Size/MD5 checksum:   269402 b23c60b45653f744ef38e397c1fd9dbc
    
      Sun Sparc architecture:
    
        https://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_sparc.deb
          Size/MD5 checksum:    64416 70a8646252c0d3e0b78c8a37b7e25ab5
        https://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_sparc.deb
          Size/MD5 checksum:    39466 b68bca7161019ac2e2405973028ea710
        https://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_sparc.deb
          Size/MD5 checksum:  2171110 49331350eee02929c0616fb459ff6c2e
        https://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_sparc.deb
          Size/MD5 checksum:    36844 11eb76ec82a9faf969d3de83cdc341c8
        https://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_sparc.deb
          Size/MD5 checksum:   175778 a57ba409c803d60813cf2202a6ed46e1
        https://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_sparc.deb
          Size/MD5 checksum:   264714 eb2ab58670f241fc3d712a2ad56d9f70
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.