Debian: New clamav packages fix several vulnerabilities

    Date: 16 Feb 2008
    Category: Debian
    Posted By: LinuxSecurity Advisories
    It was discovered that temporary files are created insecurely, which may result in local denial of service by overwriting files.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1497-1
    http://www.debian.org/security/                       Moritz Muehlenhoff
    February 16, 2008                     http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : clamav
    Vulnerability  : several
    Problem type   : local/remote
    Debian-specific: no
    CVE Id(s)      : CVE-2007-6595 CVE-2008-0318
    
    Several vulnerabilities have been discovered in the Clam anti-virus
    toolkit, which may lead to the execution of arbitrary code or local
    denial of service. The Common Vulnerabilities and Exposures project
    identifies the following problems:
    
    CVE-2007-6595
    
        It was discovered that temporary files are created insecurely,
        which may result in local denial of service by overwriting files.
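The bug class behind CVE-2007-6595, as an added example (not ClamAV's code and not part of the advisory): a predictable temporary name opened without O_EXCL follows a symlink already sitting at that name and truncates its target, while mkstemp() creates a fresh file atomically. The function names, the `scan.tmp` name and the `/tmp/tmpdemo.XXXXXX` directory are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: predictable name, no O_EXCL. open() follows a symlink
 * planted at that name, and O_TRUNC empties the file it points to. */
int open_tmp_insecure(const char *dir, const char *name)
{
    char path[256];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened pattern: mkstemp() picks an unpredictable name and creates it with
 * O_CREAT|O_EXCL, so it never opens a file or link that already exists. */
int open_tmp_secure(const char *dir)
{
    char path[256];
    snprintf(path, sizeof path, "%s/scan.XXXXXX", dir);
    int fd = mkstemp(path); /* fails with EINVAL if the template was cut off */
    if (fd >= 0)
        unlink(path); /* keep only the descriptor; no name left to race on */
    return fd;
}

/* Constructed scenario in a private directory: a 9-byte victim file and a
 * symlink to it at the predictable temp name. Returns the victim's size after
 * one opener ran (secure != 0 selects the hardened one), or -1 on error. */
long victim_size_after(int secure)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX", victim[64], planted[64];
    struct stat st;
    long size = -1;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s/scan.tmp", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "important", 9) == 9 && symlink(victim, planted) == 0) {
        close(fd);
        fd = secure ? open_tmp_secure(dir) : open_tmp_insecure(dir, "scan.tmp");
        if (stat(victim, &st) == 0)
            size = (long)st.st_size;
    }
    if (fd >= 0)
        close(fd);
    unlink(planted); unlink(victim); rmdir(dir);
    return size;
}
```

With the insecure opener the victim file ends up empty; with the hardened opener it keeps its 9 bytes.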
    
    CVE-2008-0318
    
        Silvio Cesare discovered an integer overflow in the parser for PE
        headers.
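The advisory does not say where in the PE parser the overflow of CVE-2008-0318 occurs, so the following added example (not ClamAV's code or its fix) shows only the general bug class on one PE section header: a bounds check that adds two 32-bit fields taken from the file wraps around, while the subtraction form cannot. The function names and the sample offsets and sizes are constructed for the illustration.

```c
#include <stdint.h>
#include <string.h>

#define SECTION_HDR_SIZE 40u /* size of one PE section header */
#define OFF_SIZE_OF_RAW_DATA 16u
#define OFF_POINTER_TO_RAW_DATA 20u

/* Read a little-endian 32-bit field byte by byte (no alignment assumptions). */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Naive check: the 32-bit sum wraps around, so a huge size is accepted. */
int raw_data_in_file_naive(const uint8_t *hdr, uint32_t file_size)
{
    uint32_t size = le32(hdr + OFF_SIZE_OF_RAW_DATA);
    uint32_t off = le32(hdr + OFF_POINTER_TO_RAW_DATA);
    return (uint32_t)(off + size) <= file_size;
}

/* Overflow-safe check: compare the size with the space left after the offset
 * instead of adding two values that both come from the untrusted file. */
int raw_data_in_file_checked(const uint8_t *hdr, uint32_t file_size)
{
    uint32_t size = le32(hdr + OFF_SIZE_OF_RAW_DATA);
    uint32_t off = le32(hdr + OFF_POINTER_TO_RAW_DATA);
    return off <= file_size && size <= file_size - off;
}

/* Fill a constructed header: name ".text", the two raw-data fields, rest zero. */
void make_section_header(uint8_t hdr[SECTION_HDR_SIZE], uint32_t off, uint32_t size)
{
    memset(hdr, 0, SECTION_HDR_SIZE);
    memcpy(hdr, ".text", 5);
    for (unsigned i = 0; i < 4; i++) {
        hdr[OFF_SIZE_OF_RAW_DATA + i] = (uint8_t)(size >> (8 * i));
        hdr[OFF_POINTER_TO_RAW_DATA + i] = (uint8_t)(off >> (8 * i));
    }
}
```

For a constructed header with offset 0x200 and size 0xFFFFFF00 in a 0x1000-byte file, the naive check accepts the section and the checked one rejects it; a well-formed section passes both.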
    
    
    For the stable distribution (etch), these problems have been fixed in
    version 0.90.1dfsg-3etch10. In addition to these fixes, this update
    also incorporates changes from the upcoming point release of the
    stable distribution (non-free RAR handling code was removed).
    
    The version of clamav in the old stable distribution (sarge) is no
    longer supported with security updates.
    
    We recommend that you upgrade your clamav packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian 4.0 (stable)
    - -------------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main