ESB-2006.0257

Operating System:
[UNIX/Linux][Debian]
Published:
06 April 2006
Protect yourself against future threats.
//Service

Early Warning SMS

Receive SMS notifications for the most critical security threats and vulnerabilities.
Resources > Security Bulletins > ESB-2006.0257
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                   ESB-2006.0257 -- [UNIX/Linux][Debian]
              New clamav packages fix several vulnerabilities
                               6 April 2006

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ClamAV
Publisher:         Debian
Operating System:  Debian GNU/Linux 3.1
                   UNIX variants (UNIX, Linux, OSX)
Impact:            Execute Arbitrary Code/Commands
                   Denial of Service
Access:            Remote/Unauthenticated
CVE Names:         CVE-2006-1630 CVE-2006-1615 CVE-2006-1614

Original Bulletin: http://www.debian.org/security/2006/dsa-1024

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian It is recommended that administrators
         running ClamAV check for an updated version of the software
         for their operating system at http://www.clamav.net/

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1024-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
April 5th, 2006                         http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : clamav 
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2006-1614 CVE-2006-1615 CVE-2006-1630

Several remote vulnerabilities have been discovered in the ClamAV
anti-virus toolkit, which may lead to denial of service and potentially
to the execution of arbitrary code. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2006-1614

    Damian Put discovered an integer overflow in the PE header parser.
    This is only exploitable if the ArchiveMaxFileSize option is disabled.

CVE-2006-1615

    Format string vulnerabilities in the logging code have been discovered,
    which might lead to the execution of arbitrary code.

CVE-2006-1630
    
    David Luyer discovered, that ClamAV can be tricked into an invalid
    memory access in the cli_bitset_set() function, which may lead to
    a denial of service.

The old stable distribution (woody) doesn't contain clamav packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.84-2.sarge.8.

For the unstable distribution (sid) these problems have been fixed in
version 0.88.1-1.

We recommend that you upgrade your clamav package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8.dsc
      Size/MD5 checksum:      872 ab3b8945329f3ead12e0bc4665a7b1c8
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8.diff.gz
      Size/MD5 checksum:   175767 1c70e8d67a61d49a51ffd11e2574323b
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
      Size/MD5 checksum:  4006624 c43213da01d510faf117daa9a4d5326c

  Architecture independent components:

    http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.8_all.deb
      Size/MD5 checksum:   154760 d5856a0d9cc9d79842e840417e6eddea
    http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.8_all.deb
      Size/MD5 checksum:   694302 0c2adbade7ac8834f17cd93b2bb2d04a
    http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.8_all.deb
      Size/MD5 checksum:   123772 bb7b5e11599fbc3626561334a4cc3b41

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_alpha.deb
      Size/MD5 checksum:    74762 8f4e4c084200e30791eb02cc82b94a7d
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_alpha.deb
      Size/MD5 checksum:    48838 87a9f130d2f8b196d2705d3f5f9652c9
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_alpha.deb
      Size/MD5 checksum:  2176362 a5d414c3933204fca40fdc65a631bf85
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_alpha.deb
      Size/MD5 checksum:    42116 0dd5f21866df4fb3103eef16f699b63b
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_alpha.deb
      Size/MD5 checksum:   255666 ee3063a5b42e80426680a4d3a6548742
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_alpha.deb
      Size/MD5 checksum:   285526 8b60096789652370a9c1eb23426de0fb

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_amd64.deb
      Size/MD5 checksum:    68836 759081eefaefe1fbbe20b54b32c731f9
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_amd64.deb
      Size/MD5 checksum:    44190 750a423f1cebbb0e307fcbbd20fa2a52
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_amd64.deb
      Size/MD5 checksum:  2173214 2ba25c51303c97a105f8d38953bf3387
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_amd64.deb
      Size/MD5 checksum:    40006 0456d63d7fb286a73036df807e0e1b9c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_amd64.deb
      Size/MD5 checksum:   176430 3b2092a8a89d581692bd26ba4e249524
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_amd64.deb
      Size/MD5 checksum:   259636 de8ff1433bfd159c83eaf40fcbb5a9c3

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_arm.deb
      Size/MD5 checksum:    63914 950154f957a11c66fc2c7528abe1f80c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_arm.deb
      Size/MD5 checksum:    39592 bc92d523a15df87c66df15165815f684
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_arm.deb
      Size/MD5 checksum:  2171222 91e209cec252cd6e3303dbb15e61f38c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_arm.deb
      Size/MD5 checksum:    37310 8de5836510b35692e52ad04ff7e99909
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_arm.deb
      Size/MD5 checksum:   174784 916270130f4ae7f8d19476e8ed2696bb
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_arm.deb
      Size/MD5 checksum:   249626 6239b4680637783bc25da305a5840c97

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_i386.deb
      Size/MD5 checksum:    65186 075b0a1e041ef16465f747e8615478eb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_i386.deb
      Size/MD5 checksum:    40306 186f3f67d4e01eefa9bd4de61cbc7597
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_i386.deb
      Size/MD5 checksum:  2171576 447093a4486b108a86daa3b1fb05df01
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_i386.deb
      Size/MD5 checksum:    38028 a3b09e4e355290b59442c4f55a221fc6
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_i386.deb
      Size/MD5 checksum:   159538 61d3a1e151a892a93ff59b5e32406e44
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_i386.deb
      Size/MD5 checksum:   254266 00e35cca8aa52ca3025881de3ee6b843

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_ia64.deb
      Size/MD5 checksum:    81818 84308736db6948a227fee4d603d5e9c3
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_ia64.deb
      Size/MD5 checksum:    55238 5b0c1145c0c7df81cef8ef147d6a67fb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_ia64.deb
      Size/MD5 checksum:  2180132 15de24581d6bd4237cc6e629b8fe2129
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_ia64.deb
      Size/MD5 checksum:    49192 6423e0364941f3fd5a0a94db3a41cbc0
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_ia64.deb
      Size/MD5 checksum:   252030 2b27bb90564d6d11a1ab7433878cfe2a
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_ia64.deb
      Size/MD5 checksum:   317596 7194c5171e051cec740d3e26b8ac1921

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_hppa.deb
      Size/MD5 checksum:    68280 fab75c3065bc0daef29c03de7eb95616
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_hppa.deb
      Size/MD5 checksum:    43290 8fb3f438a608a015394dc63c2e2262b7
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_hppa.deb
      Size/MD5 checksum:  2173664 6ac357059b165b64597b4298f2eb7c53
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_hppa.deb
      Size/MD5 checksum:    39452 22c7fc2ead648754db1280ed45382f0c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_hppa.deb
      Size/MD5 checksum:   202622 60c9ecb6f7de4f23d81f3a60a6f86af8
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_hppa.deb
      Size/MD5 checksum:   283312 92eec506c9c9c6c3e75f0180c83d9700

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_m68k.deb
      Size/MD5 checksum:    62522 caaba4e546fa8c4bed7c6f43004cb5ab
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_m68k.deb
      Size/MD5 checksum:    38208 176ca281e6004227c266b31dc8ba8b47
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_m68k.deb
      Size/MD5 checksum:  2170472 090cb28e973bde8ab2d44fdf348ea3ad
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_m68k.deb
      Size/MD5 checksum:    35068 80e3b711fa0b3c7b6eb481b76bbc0c96
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_m68k.deb
      Size/MD5 checksum:   146248 8f95efb7f3ac12667fedf66014107fcd
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_m68k.deb
      Size/MD5 checksum:   250348 2cf8b9fdfcdaaf51e9ea2e3695e6d0e4

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_mips.deb
      Size/MD5 checksum:    67952 5576ba2f730b4a4e73c08d85956a0fe1
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_mips.deb
      Size/MD5 checksum:    43782 b93619f9da106b1ecbfb405ee022c1ee
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_mips.deb
      Size/MD5 checksum:  2172990 85507c94a036d0c39fb1c645bb050512
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_mips.deb
      Size/MD5 checksum:    37678 5a8947a6f3c6ba9c7c307c0fd48050dc
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_mips.deb
      Size/MD5 checksum:   195428 c8b23ed440bccb7d24fd809f96daad87
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_mips.deb
      Size/MD5 checksum:   257460 3538a15689317678f878c28b1ab89d38

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_mipsel.deb
      Size/MD5 checksum:    67556 0547466b220feec6a84bb78803604cde
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_mipsel.deb
      Size/MD5 checksum:    43580 524a0264d0a5fbb55ee3f97bec588a27
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_mipsel.deb
      Size/MD5 checksum:  2172940 8823057cd5d1aa1a0c2b1bbab22f0e37
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_mipsel.deb
      Size/MD5 checksum:    37962 cae611d3f09c245cb58e4605d9d59702
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_mipsel.deb
      Size/MD5 checksum:   191858 a0760438641ec43b77b19e2884c94e96
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_mipsel.deb
      Size/MD5 checksum:   255080 0e54a23a6c5ecf5c7a5a47772cda3c78

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_powerpc.deb
      Size/MD5 checksum:    69288 f057daede2d7b7123681918d177ce539
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_powerpc.deb
      Size/MD5 checksum:    44674 59aefa09eaf2445d8359f0e420602be6
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_powerpc.deb
      Size/MD5 checksum:  2173578 af9dec3e7e471453ec51bcf48ce266d8
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_powerpc.deb
      Size/MD5 checksum:    38870 bf9fe9d09d8da16d71d29257b25c3831
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_powerpc.deb
      Size/MD5 checksum:   187656 71a796fc913828ce8533e26133dc5905
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_powerpc.deb
      Size/MD5 checksum:   264812 d1c3dd57001bda9bcd7e069d2d5fe4fb

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_s390.deb
      Size/MD5 checksum:    67904 9b1b8122712a2dd196766ebf29b5489a
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_s390.deb
      Size/MD5 checksum:    43576 0794d581c44455ab27f08d81e55603c4
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_s390.deb
      Size/MD5 checksum:  2172900 d2ac57b7351650121ed6d3eb956e5ca4
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_s390.deb
      Size/MD5 checksum:    38936 83eeff4b13a29ff65228c1b6a1ceb630
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_s390.deb
      Size/MD5 checksum:   182596 38d749ca8410825c236a506d5948a823
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_s390.deb
      Size/MD5 checksum:   269402 b23c60b45653f744ef38e397c1fd9dbc

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_sparc.deb
      Size/MD5 checksum:    64416 70a8646252c0d3e0b78c8a37b7e25ab5
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_sparc.deb
      Size/MD5 checksum:    39466 b68bca7161019ac2e2405973028ea710
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_sparc.deb
      Size/MD5 checksum:  2171110 49331350eee02929c0616fb459ff6c2e
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_sparc.deb
      Size/MD5 checksum:    36844 11eb76ec82a9faf969d3de83cdc341c8
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_sparc.deb
      Size/MD5 checksum:   175778 a57ba409c803d60813cf2202a6ed46e1
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_sparc.deb
      Size/MD5 checksum:   264714 eb2ab58670f241fc3d712a2ad56d9f70

  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFENCN3Xm3vHE4uyloRAuEiAKDc1onOL69izdvTQFSfeBYlq9I8RwCdGWvF
oAnQjx2aTKwOqZgWZJ344nY=
=Bb/9
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRDRn6yh9+71yA2DNAQIKjAP9EiPrs17z8h/9tTEKFjU3nbMZitHgYZLw
3+AAtz/1Cr0Oa+7026l46nkOpUIwVJjWZ4EgIxNkKpdqV+uO+9JN40rR1aY2hj71
NYQ+GXz2uT4glzpUtNdXcXZ03yiJfdLuIMVgL46aarGSo70GCg8DWMEEIzTCcO8/
V0UTVEIVh6g=
=c04G
-----END PGP SIGNATURE-----