Network Security: Detailed info on [Full-disclosure] [SECURITY] [DSA 1616-2] New clamav packages fix denial

Subject:	[Full-disclosure] [SECURITY] [DSA 1616-2] New clamav packages fix denial of service
Date:	Sat, 26 Jul 2008 04:49:24 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1616-2                  security@debian.org
http://www.debian.org/security/                           Devin Carraway
July 26, 2008                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : clamav
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-2713
Debian Bug     : 490925

This update corrects a packaging and build error in the packages
released in DSA-1616-1.  Those packages, while functional, did not
actually apply the fix intended.  This update restores the fix
to the package build; no other changes are introduced.  For
reference, the text of the original advisory follows.

Damian Put discovered a vulnerability in the ClamAV anti-virus
toolkit's parsing of Petite-packed Win32 executables.  The weakness
leads to an invalid memory access, and could enable an attacker to
crash clamav by supplying a maliciously crafted Petite-compressed
binary for scanning.  In some configurations, such as when clamav
is used in combination with mail servers, this could cause a system
to "fail open," facilitating a follow-on viral attack.

The Common Vulnerabilities and Exposures project identifies this
weakness as CVE-2008-2713.

For the stable distribution (etch), this problem has been fixed in
version 0.90.1dfsg-3.1+etch14.  For the unstable distribution (sid),
the problem has been fixed in version 0.93.1.dfsg-1.1.

We recommend that you upgrade your clamav packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg.orig.tar.gz
    Size/MD5 checksum: 11610428 6dc18602b0aa653924d47316f9411e49
  
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14.diff.gz
    Size/MD5 checksum:   212774 199de1c758a33edf439dde87ae569bac
  
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14.dsc
    Size/MD5 checksum:      906 71a4fbac6552c6a24d1a0e2c4ca1c7da

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1dfsg-3.1+etch14_all.deb
    Size/MD5 checksum:  1006914 a5feccd106ffa258beae4901d25db623
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1dfsg-3.1+etch14_all.deb
    Size/MD5 checksum:   158430 bbc7804704709ae18176c737c0b134e9
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1dfsg-3.1+etch14_all.deb
    Size/MD5 checksum:   201298 868f961ab7554df5417736f335aa488d

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_alpha.deb
    Size/MD5 checksum:   182644 8e84fae267fb377cabf7317d2f44c692
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_alpha.deb
    Size/MD5 checksum:  9305178 b750c3292f0e7d1cdb56238683571734
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_alpha.deb
    Size/MD5 checksum:   597516 fc362f29653a1f7b4502ad194b67b847
  
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_alpha.deb
    Size/MD5 checksum:   862222 7efe4391739d6a09c405b18d29f3044a
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_alpha.deb
    Size/MD5 checksum:   465260 b63d35f63e5aaf44156887abd1d1459e
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_alpha.deb
    Size/MD5 checksum:   372814 60af231db0dff0eaff0a672263dfcd7d
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_alpha.deb
    Size/MD5 checksum:   180822 e63e83fef5fecfe72af5ec219de783b0

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_amd64.deb
    Size/MD5 checksum:   341534 6c0bc2832930b33660a112bf19935a83
  
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_amd64.deb
    Size/MD5 checksum:   857172 a48f0ceee8dfcc931f644c8ce1e6f538
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_amd64.deb
    Size/MD5 checksum:   177770 4207030fd20cca2180859ec443f0a0f1
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_amd64.deb
    Size/MD5 checksum:   178482 03f5be30b79ef71176f6ae719401f436
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_amd64.deb
    Size/MD5 checksum:   594702 3abad9e4419716ab642f8c017559bb6a
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_amd64.deb
    Size/MD5 checksum:  9301618 1bcd0de2457edd37d6ffc3b0903696b1
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_amd64.deb
    Size/MD5 checksum:   355674 0ae17bf7e335891cdbeeb4b60be92632

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_arm.deb
    Size/MD5 checksum:   171748 3ed60880f21579874b4ad6a9e015f68a
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_arm.deb
    Size/MD5 checksum:  9299608 7e9e3f4609257394f40b2d6857474064
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_arm.deb
    Size/MD5 checksum:   335664 db92882e9aa7b6ca64da3cf9891449d2
  
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_arm.deb
    Size/MD5 checksum:   853812 c38d6afa529c6436676e53ccba32ec2f
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_arm.deb
    Size/MD5 checksum:   336382 644bcae8f4c896753dad02f1b2009d1a
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_arm.deb
    Size/MD5 checksum:   175872 10d4176f16d8be11a06b6146c7779109
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_arm.deb
    Size/MD5 checksum:   554138 95ffde3c2906b6841b27434853f079f2

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_hppa.deb
    Size/MD5 checksum:   178090 8991c9cc08ee36c63edf94008acfa594
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_hppa.deb
    Size/MD5 checksum:  9303416 4bc7ace973a6d7b38a8b51f61c85aefb
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_hppa.deb
    Size/MD5 checksum:   572296 49cc89497b0f53af36fe674baf3137b5
  
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_hppa.deb
    Size/MD5 checksum:   856748 f55ee39b6d74332e7445052c40dfdb03
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_hppa.deb
    Size/MD5 checksum:   177814 8909ac03518b4a5f3c32e64ca1788dc1
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_hppa.deb
    Size/MD5 checksum:   372458 07afbcca403412e6d15d605084fe5dc9
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_hppa.deb
    Size/MD5 checksum:   396254 4af9d29063c5d7e69c4ab9f338c0394c

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_i386.deb
    Size/MD5 checksum:   175282 424fa862dad29ea379904129391e41d1
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_i386.deb
    Size/MD5 checksum:   338196 cf2864c712dfbfc8b69c9b1273175fb3
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_i386.deb
    Size/MD5 checksum:   175836 090d742a6210c51592fe1ecc280c8b39
  
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_i386.deb
    Size/MD5 checksum:   853006 1533b5f937508351cebf4fea531d06a5
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_i386.deb
    Size/MD5 checksum:   559576 7617c8c357f9f6e3727dedc3df01663e
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_i386.deb
    Size/MD5 checksum:   339726 e90b7aca9c23b8f7806db6140585b753
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_i386.deb
    Size/MD5 checksum:  9299954 ed782c4d674b7dabc492a81c886be34c

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_ia64.deb
    Size/MD5 checksum:  9315878 7e185a585d7847067b2b8ab671f0c2dc
  
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_ia64.deb
    Size/MD5 checksum:   879008 930ead56956e3b853a9ac95f321451fd
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_ia64.deb
    Size/MD5 checksum:   427704 a9b75983eef41d65d0a55fc4e60465bc
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_ia64.deb
    Size/MD5 checksum:   192526 559aecb601fea34925ad47915c835475
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_ia64.deb
    Size/MD5 checksum:   610678 6f56f8a76b88dde718029ce0e8c3eb07
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_ia64.deb
    Size/MD5 checksum:   465838 8f8cb866007dbec4079c77ea6bac0319
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_ia64.deb
    Size/MD5 checksum:   202260 36c874543c4b57ccf087701b9afcbf43

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_mips.deb
    Size/MD5 checksum:  9301614 51ef706f4e02abf651bb5f204d78cb25
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_mips.deb
    Size/MD5 checksum:   179662 91c4d43018b2578afcfa691a362766fd
  
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_mips.deb
    Size/MD5 checksum:   855158 0d1392dbda84cfc0ddb85980f691efc4
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_mips.deb
    Size/MD5 checksum:   343444 0566593cd104727051462bdfca0a737f
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_mips.deb
    Size/MD5 checksum:   599850 2c32b41dc36d46c2284a059246bc81e8
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_mips.deb
    Size/MD5 checksum:   175536 535b43fc2080b1e154f5fbc45067e102
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_mips.deb
    Size/MD5 checksum:   398480 a034805b291260d2c65071cd9019e762

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_mipsel.deb
    Size/MD5 checksum:   855196 fe395546187d33676b2e52d8ae6311c7
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_mipsel.deb
    Size/MD5 checksum:   176512 fffe8e028d63a4d60d09fe2fa779ad09
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_mipsel.deb
    Size/MD5 checksum:   389714 8baf3767f9c032cbb8d41ae765a04129
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_mipsel.deb
    Size/MD5 checksum:  9302090 64a4984f8215b36ec199bd62ce43e5e1
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_mipsel.deb
    Size/MD5 checksum:   180540 86cb92398f1de1d910e99f2c8dafaef5
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_mipsel.deb
    Size/MD5 checksum:   590596 80bc2c27892e72164d4e2979ef7c9a8c
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_mipsel.deb
    Size/MD5 checksum:   336880 a64b54f0c011823596e81f676ec30535

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_powerpc.deb
    Size/MD5 checksum:   176940 d165050c2dda9b0c04173a600670dc60
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_powerpc.deb
    Size/MD5 checksum:  9302922 4ce517ac4194aee7413166bc5e3a3c55
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_powerpc.deb
    Size/MD5 checksum:   372472 304f0d7daf701aeb080c57e803614bdd
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_powerpc.deb
    Size/MD5 checksum:   590982 79f675fd08cdef59591b73ddb756b57d
  
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_powerpc.deb
    Size/MD5 checksum:   857860 499b3df5f4a3a75219cae4fcbe7de74d
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_powerpc.deb
    Size/MD5 checksum:   350472 790d98cebecfcf302578f259d3db4944
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_powerpc.deb
    Size/MD5 checksum:   182340 4bc61a48fc1cba04e41fbfcee0e6153f

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_s390.deb
    Size/MD5 checksum:   855798 c48dfd49d40a99a8e6a422e7c4d57958
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_s390.deb
    Size/MD5 checksum:   581570 8e91584fcd401c6aa4fd423fc66c5804
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_s390.deb
    Size/MD5 checksum:   177732 37fb6afe5c9b497d7807d7ba9de7c60e
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_s390.deb
    Size/MD5 checksum:   370092 2bf800750709e2a85ab0c8d20120dd35
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_s390.deb
    Size/MD5 checksum:  9301540 a7faa325d0520f0e3fa6cb6388817354
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_s390.deb
    Size/MD5 checksum:   176904 49de4354abb82882b316c7eaa951f634
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_s390.deb
    Size/MD5 checksum:   361538 041f98e36b075c2124a13ca7d821ec27

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_sparc.deb
    Size/MD5 checksum:   851954 84e5342b68218f68c4f9098d6854a812
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_sparc.deb
    Size/MD5 checksum:   349302 2ac1912b054a77725c26e1126cef9396
  
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_sparc.deb
    Size/MD5 checksum:   357818 d3d49289c7448b2ab8144519fb09d2dc
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_sparc.deb
    Size/MD5 checksum:   540964 902c896aea414d26ba171f24ebf7f9d7
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_sparc.deb
    Size/MD5 checksum:  9299278 4a00f95c77563140ea860f62d49feb9c
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_sparc.deb
    Size/MD5 checksum:   174636 b72067dd6e27fcefe97ace2a0911f05c
  
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_sparc.deb
    Size/MD5 checksum:   172690 d6fa013c61cc962447de1c4f85c78927


  These files will probably be moved into the stable distribution on
  its next update.

- 
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIiqrmU5XKDemr/NIRAoLWAJwPrE4DuB4Pzu2Nqy8VwHQAp6X1ggCffak6
7YkaoDQuhWSw2Xc12CA2xZs=
=VW7q
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
<Prev in Thread]	Current Thread	[Next in Thread>
[Full-disclosure] [SECURITY] [DSA 1616-2] New clamav packages fix denial of service, Devin Carraway <=
Previous by Date:	Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution, Jan MinÃÅ
Next by Date:	Re: [Full-disclosure] Kaminsky's Law, Adam Chesnutt
Previous by Thread:	[Full-disclosure] DNS spoofing issue. Thoughts on, RandallMan
Next by Thread:	[Full-disclosure] [SECURITY] [DSA 1618-1] New ruby1.9 packages fix several vulnerabilities, Moritz Muehlenhoff
Indexes:	[Date] [Thread] [Top] [All Lists]