-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 824-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 29th, 2005                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : clamav
Vulnerability  : infinite loop, buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2919 CAN-2005-2920
Debian Bug     : 328660

Two vulnerabilities have been discovered in Clam AntiVirus, the
antivirus scanner for Unix, designed for integration with mail servers
to perform attachment scanning.  The following problems were
identified:

CAN-2005-2919

    A potentially infinite loop could lead to a denial of service.

CAN-2005-2920

    A buffer overflow could lead to a denial of service.

The old stable distribution (woody) does not contain ClamAV packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.84-2.sarge.4.

For the unstable distribution (sid) these problems have been fixed in
version 0.87-1.

We recommend that you upgrade your clamav package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDO9c1W5ql+IAeqTIRAngGAJ0e0cAiQPXIm9Vi0Rp0cSYc8kRQEgCdG8vt
1IRu7XWrqRONnuYZ/JQkEIU=
=zeaO
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/