Articles / Debian: New clamav packages…

Debian: New clamav packages fix denial of service

Several remote vulnerabilities have been discovered in in the Clam anti-virus toolkit, which may lead to denial of service. It was discovered that malformed CAB archives may exhaust file descriptors, which allows denial of service. It was discovered that a directory traversal vulnerability in the MIME header parser may lead to denial of service. Fixed packages are available from
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1263-1                                   Moritz Muehlenhoff
March 6th, 2006               
- --------------------------------------------------------------------------

Package        : clamav
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-0897 CVE-2007-0898
Debian Bug     : 411118

Several remote vulnerabilities have been discovered in in the Clam
anti-virus toolkit, which may lead to denial of service. The Common
Vulnerabilities and Exposures project identifies the following problems:


    It was discovered that malformed CAB archives may exhaust file
    descriptors, which allows denial of service.


    It was discovered that a directory traversal vulnerability in the MIME
    header parser may lead to denial of service.

For the stable distribution (sarge) these problems have been fixed in
version 0.84-2.sarge.15.

For the upcoming stable distribution (etch) these problems have been fixed
in version 0.88.7-2.

For the unstable distribution (sid) these problems have been fixed in
version 0.90-1.

We recommend that you upgrade your clamav packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:      874 164ac3671dc1ede72f116703ff47f5c7
      Size/MD5 checksum:   181092 4cb9909ef8d4d1da088a44a40a3d0a5d
      Size/MD5 checksum:  4006624 c43213da01d510faf117daa9a4d5326c

  Architecture independent components:
      Size/MD5 checksum:   155290 d03243c2e40548b1ed8a7187dbbe05c0
      Size/MD5 checksum:   690908 6a35ca9ba3a2cccafe60ee6ba15dff30
      Size/MD5 checksum:   124274 50a76314d37beaa54c9939d01268a295

  Alpha architecture:
      Size/MD5 checksum:    74852 2f8ba776b5b8ecabb5ced89124df8711
      Size/MD5 checksum:    48910 3c1e853f2c6cd9e75c1f88f9e607196c
      Size/MD5 checksum:  2176498 f00a4e4a4724e7c278b356f74dcd6e9f
      Size/MD5 checksum:    42160 1632e0df7ee729b9863ddd3deb70f57c
      Size/MD5 checksum:   256108 8cd276b750093c23907973a9d3e80031
      Size/MD5 checksum:   286304 85f2cd7418bb2bae13615499b52211fe

  AMD64 architecture:
      Size/MD5 checksum:    69010 5c1285590a4068fe6253145862a4ade9
      Size/MD5 checksum:    44278 5b7a1bc8cd6034bbc5ea6b4af21c5adc
      Size/MD5 checksum:  2173282 eedaa60dcb78037af56c2868aaa70a8a
      Size/MD5 checksum:    40038 92967a280f254f2254851bed6f1dfd0f
      Size/MD5 checksum:   176818 c76d900e5c2b6add3da38f4ef84adc2b
      Size/MD5 checksum:   260378 b6b0304db0b1ac7306b43d854eb8a4d5

  ARM architecture:
      Size/MD5 checksum:    63970 a8146a69333876298408f196c7b6de18
      Size/MD5 checksum:    39636 f3768da7d1f98159134b0d5375585567
      Size/MD5 checksum:  2171278 b728182250c04bb804c25150a1c008bc
      Size/MD5 checksum:    37320 1dbc35eb0c07bb0b19f83f002346462c
      Size/MD5 checksum:   175142 e1a4473d761f38ea9e22aeede630d8af
      Size/MD5 checksum:   250250 5be64956ab66d665a714dd889616d8a7

  HP Precision architecture:
      Size/MD5 checksum:    68470 75c8d1e6c3f6d20d8955178dc1f9a74d
      Size/MD5 checksum:    43276 23d1c8cacac81c26942fb1fc91a57756
      Size/MD5 checksum:  2173656 13c73779b34757f034a924aa72c589f3
      Size/MD5 checksum:    39534 cc09b2a89978af3c674d3b908bac0ce6
      Size/MD5 checksum:   202948 cd2bd9baaf5784217111a7527c085faa
      Size/MD5 checksum:   283994 91570ebc055a4c6542369090b9c42833

  Intel IA-32 architecture:
      Size/MD5 checksum:    65324 27e131c923911d74c77b081081efd53b
      Size/MD5 checksum:    40372 302701e63dd3ed03f4d6df6be0ea9fda
      Size/MD5 checksum:  2171596 4df76765279396b0c35e5f08c45ed9ba
      Size/MD5 checksum:    38044 56981cfac9af7758ee3c9bfb900312e8
      Size/MD5 checksum:   159896 ae0b9dab053b2a5e14f795298b27a4dd
      Size/MD5 checksum:   255084 dce16317d32ee0c1fa89e7b881627ae3

  Intel IA-64 architecture:
      Size/MD5 checksum:    81954 38e69159641cd1a96823bca6bd9dbe65
      Size/MD5 checksum:    55336 5c9ed951a1c11eb69c99c4b896b79b8d
      Size/MD5 checksum:  2180266 7d15c59e8b1c8514c654deab1902aed2
      Size/MD5 checksum:    49252 9184c9e05f4bb5d42e8d837016065946
      Size/MD5 checksum:   252442 936bbea0fb4950db7be9bb8a01164fc3
      Size/MD5 checksum:   318470 07a022c3616a0a1b5ddc5f6acb132b50

  Motorola 680x0 architecture:
      Size/MD5 checksum:    62640 6315cbb887a6e57471451c8a4d930b51
      Size/MD5 checksum:    38258 76d989cd3d071c5600d9239ec44d5e10
      Size/MD5 checksum:  2170534 f35dcc6912fb0acd0b259acae8a9b9a2
      Size/MD5 checksum:    35122 40b89cf394c25f79e17acc8dfb329b0d
      Size/MD5 checksum:   146484 0098c6f52a629d5e1997ada7e752170e
      Size/MD5 checksum:   251086 888c34801a5588dbc49f66e2acf1216a

  Big endian MIPS architecture:
      Size/MD5 checksum:    68062 9d6a26efae1f42e04162a5423ac317fb
      Size/MD5 checksum:    43874 f1cd8daafda6e91f288a8206d168f301
      Size/MD5 checksum:  2173058 6f5c70b355790ce6d4ff9c082e8506a3
      Size/MD5 checksum:    37682 a6706508bb4aaf8098968d60f8397be6
      Size/MD5 checksum:   195860 ea70cd36f235d4f2326307df22e06f69
      Size/MD5 checksum:   258188 9d874d790e66793797211be2a5a8ce86

  Little endian MIPS architecture:
      Size/MD5 checksum:    67650 9a9146d5667ccf4b111dd30d752f0a91
      Size/MD5 checksum:    43684 21fb06cf16611c12fdacdb8937ae92b1
      Size/MD5 checksum:  2173010 cc75d6c3f0f2fe5e597e79d547199a0f
      Size/MD5 checksum:    37996 3aeecfbf91fa68a8a2175ab5a1caa013
      Size/MD5 checksum:   192220 c612ee4b274d41ee7c7a2f7c06665958
      Size/MD5 checksum:   255722 66f071a933589d62c11c161a49015702

  PowerPC architecture:
      Size/MD5 checksum:    69390 57c24e63fb8b9eee0ba65f82ebce29c5
      Size/MD5 checksum:    44732 b79f087c2d6b9a6a0443257dd664cd28
      Size/MD5 checksum:  2173690 c13fd5c3eb38db179db4db8a25017bd1
      Size/MD5 checksum:    38886 902c240c9ba87fb45d2018d6e7071b9e
      Size/MD5 checksum:   187852 cbfcd17a7acf154d92f2324aa6cc9bc3
      Size/MD5 checksum:   265522 5803d3f1b222cfd28229a2e47076bcae

  IBM S/390 architecture:
      Size/MD5 checksum:    67960 8abf60927cc67e39c30af5147038457f
      Size/MD5 checksum:    43632 2087d0ad268f72be98b9c711543b4e15
      Size/MD5 checksum:  2172968 1e93b48d8eabf027a2885c44eeb2f694
      Size/MD5 checksum:    38974 15884fe049d94ea78d1392025734f719
      Size/MD5 checksum:   182844 894b86b7256a132a8c4d7ddf9adc3a0e
      Size/MD5 checksum:   270124 b804fa150e7e2c85e09ebb4fa5c15d8a

  Sun Sparc architecture:
      Size/MD5 checksum:    64742 57b8bb2c49e2eb5360b8f105ed4b9f91
      Size/MD5 checksum:    39522 59eb16c39f5c0dd52919b5fa3b2096fb
      Size/MD5 checksum:  2171204 d66238ca67d4f22ff1145cf9ca393d9c
      Size/MD5 checksum:    36890 5ffe48cc0fdea294f6382f73a668fe30
      Size/MD5 checksum:   176144 1110fde33987418132d3ee6df0990ac8
      Size/MD5 checksum:   265558 a2096ed70b830e852a72099dc9962641

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show ' and
Version: GnuPG v1.4.6 (GNU/Linux)


Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.


Project Spotlight


An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.