-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1263-1                    security@xxxxxxxxxx
http://www.debian.org/security/                         Moritz Muehlenhoff
March 6th, 2006                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : clamav
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-0897 CVE-2007-0898
Debian Bug     : 411118

Several remote vulnerabilities have been discovered in the Clam
anti-virus toolkit, which may lead to denial of service. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-0897

    It was discovered that malformed CAB archives may exhaust file
    descriptors, which allows denial of service.

CVE-2007-0898

    It was discovered that a directory traversal vulnerability in the
    MIME header parser may lead to denial of service.

For the stable distribution (sarge) these problems have been fixed in
version 0.84-2.sarge.15.

For the upcoming stable distribution (etch) these problems have been fixed
in version 0.88.7-2.

For the unstable distribution (sid) these problems have been fixed in
version 0.90-1.

We recommend that you upgrade your clamav packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF7ewBXm3vHE4uyloRAp+FAKDK2+l25JCKPiiY/BJc6LCarkFLbgCfck0k
Wr6nOPT+eQ6P3Z+mSFoLA/o=
=7tJE
-----END PGP SIGNATURE-----