-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1050-1 security@debian.org http://www.debian.org/security/ Martin Schulze May 2nd, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : clamav Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CVE-2006-1989 BugTraq ID : 17754 Ulf Härnhammar and an anonymous researcher from Germany discovered a vulnerability in the protocol code of freshclam, a command line utility responsible for downloading and installing virus signature updates for ClamAV, the antivirus scanner for Unix. This could lead to a denial of service or potentially the execution of arbitrary code. The old stable distribution (woody) does not contain clamav packages. For the stable distribution (sarge) this problem has been fixed in version 0.84-2.sarge.9. For the unstable distribution (sid) this problem has been fixed in version 0.88.2-1. We recommend that you upgrade your clamav packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9.dsc Size/MD5 checksum: 876 943e000ec0e1286a3dbdf29df42d2079 http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9.diff.gz Size/MD5 checksum: 176085 5e83632aca0a41e5e9e666d7dc9bddb1 http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz Size/MD5 checksum: 4006624 c43213da01d510faf117daa9a4d5326c Architecture independent components: http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.9_all.deb Size/MD5 checksum: 154874 583075812746d50b00cf393f91cf6268 http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.9_all.deb Size/MD5 checksum: 690472 154f6c262b9525573acbc7d63c0fc58a http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.9_all.deb Size/MD5 checksum: 123852 431264c393cbf721d11a4c17b465984c Alpha architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_alpha.deb Size/MD5 checksum: 74762 c0841b5ad9c30a0e1ab5bc852a5b4df5 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_alpha.deb Size/MD5 checksum: 48832 ca0177b0ad40dab6ebd5e2482dccff0c http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_alpha.deb Size/MD5 checksum: 2176472 9c55170dba238d910e2a76a9b9a0f90e http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_alpha.deb Size/MD5 checksum: 42110 91038c466a5d7da73ec408edf1d79079 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_alpha.deb Size/MD5 checksum: 255658 4018f5b3119dbe0a046bd3ef0eea7f5d http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_alpha.deb Size/MD5 checksum: 285526 dc76ca7e4f9334b55b8552e6de6144a7 AMD64 architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_amd64.deb Size/MD5 checksum: 68840 f129489350c5dd3b700f10eae2e41e74 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_amd64.deb Size/MD5 checksum: 44172 dfab3e90cb2948c876a66f34688a8e54 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_amd64.deb Size/MD5 checksum: 2173250 bc5b91cd655eea9f62d9c997a4f33d0e http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_amd64.deb Size/MD5 checksum: 40002 003163f47600d0992a6c6d445919e2a5 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_amd64.deb Size/MD5 checksum: 176418 530c4ae72744122635ca79305d7624c8 http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_amd64.deb Size/MD5 checksum: 259640 252a1582028a3a931d7535bcd6c08a93 ARM architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_arm.deb Size/MD5 checksum: 63908 daadbd0ec8dd6bbbe0efb7dea8c7c862 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_arm.deb Size/MD5 checksum: 39588 033e2e0cfcc9bff7560beb8a98c6d07b http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_arm.deb Size/MD5 checksum: 2171286 19e45af806dc2d39dbf2facc99e71414 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_arm.deb Size/MD5 checksum: 37304 8918504ae9fe175df5e403248df27184 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_arm.deb Size/MD5 checksum: 174796 ecb5d13c843235495b25cfb422dcdd1e http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_arm.deb Size/MD5 checksum: 249614 68a25e96c65651a742a3cdea82b6e4dc Intel IA-32 architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_i386.deb Size/MD5 checksum: 65208 499c59767ffef73b2e466d0ad355acd9 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_i386.deb Size/MD5 checksum: 40312 5c1197cfd1d386259090acd018a09d1d http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_i386.deb Size/MD5 checksum: 2171586 18efe0dffbe399b65f6109cf64fb4ebc http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_i386.deb Size/MD5 checksum: 38026 e2ea6a0007d4cb3eb89a677ced6237d0 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_i386.deb Size/MD5 checksum: 159514 07dc6d59c3ca44802a884ba57295f25c http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_i386.deb Size/MD5 checksum: 254212 8f0ac53bb73ab04cace56dacbd1f7385 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_ia64.deb Size/MD5 checksum: 81806 2f5e60307573c83948b364aba0b902d7 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_ia64.deb Size/MD5 checksum: 55248 b0836a06803e2817c62a2fb0e44bbdf2 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_ia64.deb Size/MD5 checksum: 2180260 67d516ba4de63b2df9a2f22ea09977cc http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_ia64.deb Size/MD5 checksum: 49196 eef0faa8458ad343723b2ad5ab20b85d http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_ia64.deb Size/MD5 checksum: 252022 44ae4643b97df4c60fc9344e978ed301 http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_ia64.deb Size/MD5 checksum: 317594 792d635c17661ff30a98002bcbf28c20 HP Precision architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_hppa.deb Size/MD5 checksum: 68278 e6ae93d179cf42dff2e3e21f73b791d8 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_hppa.deb Size/MD5 checksum: 43294 aca3a82514944bd64fe592f4c82fd3ee http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_hppa.deb Size/MD5 checksum: 2173750 e75c6299f3bcebf2fde0152a97964fd5 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_hppa.deb Size/MD5 checksum: 39444 1bcd721e1d64f1dd87d210e67dd03c8a http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_hppa.deb Size/MD5 checksum: 202610 6de992b66d479fc91ab9c7f2ce241fe8 http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_hppa.deb Size/MD5 checksum: 283332 b53830c42ec5c4b4cc2f75804ee33165 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_m68k.deb Size/MD5 checksum: 62522 b64d3b425ff4a76e45a1ad3fda52ac93 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_m68k.deb Size/MD5 checksum: 38206 14a9a4a27a4b09153cce7adf167e3832 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_m68k.deb Size/MD5 checksum: 2170544 eda974d6e3d676f4eaffb82a73548b89 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_m68k.deb Size/MD5 checksum: 35058 04b9394b533707237f58a402339cd84f http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_m68k.deb Size/MD5 checksum: 146258 5ea523a7dbf19ff9d9d01b4ad8f31f39 http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_m68k.deb Size/MD5 checksum: 250356 1954573109230d4898760c36a3c87ba4 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_mips.deb Size/MD5 checksum: 67950 27a6b985d95bb70281ad7cd842770170 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_mips.deb Size/MD5 checksum: 43798 c802171f2f84f4f14ef1a720ecbb8aa7 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_mips.deb Size/MD5 checksum: 2173032 7aa9e633b0962f5ab86ee11fb7c3974a http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_mips.deb Size/MD5 checksum: 37668 dec8e08fd9996962a93a1c3d752be4f0 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_mips.deb Size/MD5 checksum: 195430 3e94e63724ef9c2dd11a59648f4b5c97 http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_mips.deb Size/MD5 checksum: 257462 ef59f02caa5d95c70b85022ea788bfa3 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_mipsel.deb Size/MD5 checksum: 67556 a8f18eb0565bba5c75370ff92ac78f38 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_mipsel.deb Size/MD5 checksum: 43580 59d814309d704ff91e9e07d492cc7167 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_mipsel.deb Size/MD5 checksum: 2172984 cb6babbbb93113c91190757557209803 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_mipsel.deb Size/MD5 checksum: 37966 e87c71e23e8ccd7c1250c2338dafc9ea http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_mipsel.deb Size/MD5 checksum: 191864 cdaf87930502971bfb89860cdef54ac1 http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_mipsel.deb Size/MD5 checksum: 255070 50e2c374bd3bcb15ff980e1fb3251f7b PowerPC architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_powerpc.deb Size/MD5 checksum: 69284 4257688fc42e09118821e8958f0a6ee7 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_powerpc.deb Size/MD5 checksum: 44694 f3ad6da5431802cc4d397bec741eca81 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_powerpc.deb Size/MD5 checksum: 2173702 9b536d611b6ce4e48da03459c5071e84 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_powerpc.deb Size/MD5 checksum: 38886 ff6033af2c67302deb234a7f120cf779 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_powerpc.deb Size/MD5 checksum: 187680 227518152740d2518c5ec92105d85179 http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_powerpc.deb Size/MD5 checksum: 264838 7f4c6eed60bdc21edd28b60fdfe4c710 IBM S/390 architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_s390.deb Size/MD5 checksum: 67906 8c6217c5131838abbfd7ce298556c8b1 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_s390.deb Size/MD5 checksum: 43564 d6af81d53141d8efddb3878d70a0e624 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_s390.deb Size/MD5 checksum: 2172976 993af7eba4a41c2510f5280f37d7e048 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_s390.deb Size/MD5 checksum: 38942 50b2b6c19597e479e1f398439018ce9c http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_s390.deb Size/MD5 checksum: 182606 3821257f0925fe2be95a355d3d018d88 http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_s390.deb Size/MD5 checksum: 269406 9fe3e9dd8e7564db863a452b2ff9ffae Sun Sparc architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_sparc.deb Size/MD5 checksum: 64424 df6e026c7266999f8747bc82706deb8f http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_sparc.deb Size/MD5 checksum: 39456 a426823f333ab28e49b16934f19dc346 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_sparc.deb Size/MD5 checksum: 2171178 ea328218eaa01a6ed32c2dcaff418844 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_sparc.deb Size/MD5 checksum: 36844 c92fc7b0b4249d6dcd3058482a0936c3 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_sparc.deb Size/MD5 checksum: 175782 45be5bb635f8fe1244045c429dae943f http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_sparc.deb Size/MD5 checksum: 264704 dfcbfa29904f0db5848da5de1885d1ea These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEWMtBW5ql+IAeqTIRAsK8AJ9TwxG2cEM9POfvEJNyl7545tXSqwCeNCuR 7HWEXyuEziuV+V8SPW7Hgek= =zVme -----END PGP SIGNATURE-----