-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1366-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff September 1st, 2007 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : clamav Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CVE-2007-4510 CVE-2007-4560 Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-4510 It was discovered that the RTF and RFC2397 parsers can be tricked into dereferencing a NULL pointer, resulting in denial of service. CVE-2007-4560 It was discovered clamav-milter performs insufficicient input sanitising, resulting in the execution of arbitrary shell commands. The oldstable distribution (sarge) is only affected by a subset of the problems. An update will be provided later. For the stable distribution (etch) these problems have been fixed in version 0.90.1-3etch7. For the unstable distribution (sid) these problems have been fixed in version 0.91.2-1. We recommend that you upgrade your clamav packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7.dsc Size/MD5 checksum: 886 76508137da0c93a144d130323f7eca87 http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7.diff.gz Size/MD5 checksum: 203232 127d4844eb36f41a52c67d461d554c09 http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1.orig.tar.gz Size/MD5 checksum: 11643310 cd11c05b5476262eaea4fa3bd7dc25bf Architecture independent components: http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1-3etch7_all.deb Size/MD5 checksum: 201648 4f87137fc2d9dc12ae774ed149c11080 http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1-3etch7_all.deb Size/MD5 checksum: 1003456 a2aacc240716f6da56c9cda24e288af1 http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1-3etch7_all.deb Size/MD5 checksum: 157834 820e470f5c428c599fc174e0fcadc7ee Alpha architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_alpha.deb Size/MD5 checksum: 863492 e4bb31adae25ba8270c3a7693a5ac203 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_alpha.deb Size/MD5 checksum: 184710 65a6b05e5f59a1373b27524267f81f61 http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_alpha.deb Size/MD5 checksum: 644772 fc182ead4b1858dd9e295a1e774f13c7 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_alpha.deb Size/MD5 checksum: 9303850 fccfb44066fd7028855dd92ac61918ca http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_alpha.deb Size/MD5 checksum: 180304 d34adfc21674bfd5f804f4c721aff9d5 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_alpha.deb Size/MD5 checksum: 511144 223b48dbd9cb9a4003a67dbba4bf265e http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_alpha.deb Size/MD5 checksum: 406406 6bca766fb1a86d0a58793f7f9603dd85 AMD64 architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_amd64.deb Size/MD5 checksum: 856522 cae033c2c4d2245ed0c3742982f9bb67 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_amd64.deb Size/MD5 checksum: 178452 cf29bd7447cfc3163974b60cc29955a1 http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_amd64.deb Size/MD5 checksum: 638384 11df3244f048ed156ef97d99ddf13ee2 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_amd64.deb Size/MD5 checksum: 9301956 ee98e922039c3ae2e58e00fa46f3682f http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_amd64.deb Size/MD5 checksum: 177470 a2fc25aecce75dfd7b506bfd852110cd http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_amd64.deb Size/MD5 checksum: 386568 6a1f79b33c45bbf7f63361c5bc3e5301 http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_amd64.deb Size/MD5 checksum: 367274 a313b9e7a274000923f2a4c508ce630d ARM architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_arm.deb Size/MD5 checksum: 852934 030a5f8950c9917033dd4a73e500d177 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_arm.deb Size/MD5 checksum: 171200 c37973b52dbee496410dc338826c89c3 http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_arm.deb Size/MD5 checksum: 598014 2e698cb351c2a6821e4cc4a4c4f39d48 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_arm.deb Size/MD5 checksum: 9299226 06ca0c49348eb0deeddac6e1b4d87378 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_arm.deb Size/MD5 checksum: 175344 b38253709f390f65a27363f0d41e14c7 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_arm.deb Size/MD5 checksum: 366618 f555885ad50c5a205bfe52bc5c05bf32 http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_arm.deb Size/MD5 checksum: 363474 47905b28d3fa482eb2ba05c08de1f395 HP Precision architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_hppa.deb Size/MD5 checksum: 857242 7d921dd3dc4d8dc97c8289e6ed2dc56c http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_hppa.deb Size/MD5 checksum: 178162 f0e8edeadf8a35002982a166b84f5bd8 http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_hppa.deb Size/MD5 checksum: 618354 dd56899c90c0826a029ad632fe3d784e http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_hppa.deb Size/MD5 checksum: 9303278 352b5455ef66f4faebf1622bba6d6abb http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_hppa.deb Size/MD5 checksum: 177404 1d571b923902dfeadab4c4d79485ca24 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_hppa.deb Size/MD5 checksum: 432894 5700bd90730816ae355bb969a3a0d726 http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_hppa.deb Size/MD5 checksum: 405100 8e2345c87a460779a4588a51b5d3d4fa Intel IA-32 architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_i386.deb Size/MD5 checksum: 853954 9cb2105c0b125d06b6cd55c3afc034df http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_i386.deb Size/MD5 checksum: 174810 26e058c602e245cdd93b617a6433f3eb http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_i386.deb Size/MD5 checksum: 604246 9229e00e4fd2f479c4991579527dda05 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_i386.deb Size/MD5 checksum: 9300180 2ea193af166b258bafc507ee39fe5ed5 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_i386.deb Size/MD5 checksum: 175306 a9249b84ddf8381fddaefdad2d838a7e http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_i386.deb Size/MD5 checksum: 367860 d88bcc54abe004b0cac9dace8b1a97cb http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_i386.deb Size/MD5 checksum: 365930 25dfe3b0f5db7fd318f508f981447c5b Intel IA-64 architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_ia64.deb Size/MD5 checksum: 878502 6819ecbe6de1e78d7a794bd57be5242c http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_ia64.deb Size/MD5 checksum: 201696 b6aad73bb42bc06ebe2c7e7cf6638e8e http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_ia64.deb Size/MD5 checksum: 657016 a8700ddde5a27b6e5543c26b94ebaccb http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_ia64.deb Size/MD5 checksum: 9315332 5e70f38d3e2c545c2a3a0e886a9d31bf http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_ia64.deb Size/MD5 checksum: 191962 096679339d39f00c721efb8b443a4eaa http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_ia64.deb Size/MD5 checksum: 521666 d782256097bd91daac7c281bc5b9c04a http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_ia64.deb Size/MD5 checksum: 475118 9672c4a0370689ab46e98bbe4b5abdae Big endian MIPS architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_mips.deb Size/MD5 checksum: 854704 4c88a5d9a1dba0a9b1bff65a873b3088 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_mips.deb Size/MD5 checksum: 179932 6eddaad912a230c6b5e8d7b66503a99d http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_mips.deb Size/MD5 checksum: 647356 783a1e4fed71df9f0556616b54cb3a93 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_mips.deb Size/MD5 checksum: 9301594 fc06728c15469aace7857a24f5fc53ee http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_mips.deb Size/MD5 checksum: 175694 1389bf57964bee7e61a49fe148dfd06c http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_mips.deb Size/MD5 checksum: 435530 6ff83829f607222759f9bc74add7b77e http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_mips.deb Size/MD5 checksum: 372356 569d451c407c05823032836b2b44d89c Little endian MIPS architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_mipsel.deb Size/MD5 checksum: 854664 4d78fb80f34622cfabd610d707b74ed3 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_mipsel.deb Size/MD5 checksum: 180046 e2a0871e9171da32be01adf62ad1d128 http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_mipsel.deb Size/MD5 checksum: 636224 2476d9168a9dc29ec7c466f87a234dbc http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_mipsel.deb Size/MD5 checksum: 9301726 91fbb41f97a05431b3a192b7fb1be1ab http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_mipsel.deb Size/MD5 checksum: 175936 bca774cbae1f58760b3e865189615238 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_mipsel.deb Size/MD5 checksum: 426980 282f62187b9cd468416f8fd614d4067c http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_mipsel.deb Size/MD5 checksum: 365596 6a7c6a9c3f466ec1af406bc5c58d8322 PowerPC architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_powerpc.deb Size/MD5 checksum: 857324 71e8777c0bd9373b31bafc1aa00c8be0 http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_powerpc.deb Size/MD5 checksum: 181870 76e72290201ed98010991f3639c6a87e http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_powerpc.deb Size/MD5 checksum: 637432 d3d0cf8a8288a340ade551737721ddcf http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_powerpc.deb Size/MD5 checksum: 9302318 7574fcc75525c788c93ff3b28b214458 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_powerpc.deb Size/MD5 checksum: 176394 9f861a15da4a7d3d460948dce1e97037 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_powerpc.deb Size/MD5 checksum: 405822 f84a324e6d6101046dce37495a5fc1db http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_powerpc.deb Size/MD5 checksum: 378474 ec5ab7ea0b45d507ad5ffd0bdd91921b IBM S/390 architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_s390.deb Size/MD5 checksum: 855284 451dd987867f18df691343826ae2f11f http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_s390.deb Size/MD5 checksum: 176424 46cc5eddcc876479e988b9e10e879f8c http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_s390.deb Size/MD5 checksum: 628526 2c75c9e4150a0b8eb0c6446e5d112735 http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_s390.deb Size/MD5 checksum: 9300942 04eb856a3a44098ea1e483921e272c46 http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_s390.deb Size/MD5 checksum: 177166 52c5cba6197a33b62c912bfddde59782 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_s390.deb Size/MD5 checksum: 401818 b8f39319d247f3aa8077c5cfd308185c http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_s390.deb Size/MD5 checksum: 391486 24119acc8394847bbde1a957449b0f15 Sun Sparc architecture: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_sparc.deb Size/MD5 checksum: 851414 6da36840b5725d962426971f01e2419c http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_sparc.deb Size/MD5 checksum: 172124 0ad57992d8e2538850137a3b9580dfc0 http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_sparc.deb Size/MD5 checksum: 584052 69fd3f5d67b2a54b1735414184f6a92c http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_sparc.deb Size/MD5 checksum: 9298816 2c3e7b1aa338c7fb3d04ce3807ec28bd http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_sparc.deb Size/MD5 checksum: 174044 16c23d0e5057d3d852e21ad226601ec2 http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_sparc.deb Size/MD5 checksum: 389466 45e786e946ddde5fc22c9532a7169f5e http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_sparc.deb Size/MD5 checksum: 377484 58b6b3b0d422300d241f406f9985cfa9 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFG2VKTXm3vHE4uyloRApU/AJ4iMAAtQkYLb1b6Yt/v0PhLvl8YsgCg1U+S 4x6lAqoCqVoHDBPuNQLeG9U= =N77M -----END PGP SIGNATURE-----