USN-756-1: ClamAV vulnerability  

Posted by Daniela Mehler

"Ubuntu Security Notice USN-756-1 April 13, 2009
clamav vulnerability
https://launchpad.net/bugs/360502
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
libclamav5 0.94.dfsg.2-1ubuntu0.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that ClamAV did not properly verify buffers when
processing Upack files. A remote attacker could send a crafted file and
cause a denial of service via application crash.


Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.3.diff.gz
Size/MD5: 160035 9ec8019deb73a5a954c97fcb0bf26309
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.3.dsc
Size/MD5: 1507 33a07aa02735d0740a991fd53d1690c7
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2.orig.tar.gz
Size/MD5: 22073819 7b45b0c54b887b23cb49e4bff807cf58

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-base_0.94.dfsg.2-1ubuntu0.3_all.deb
Size/MD5: 19497612 4f42a7f2efa8bab6df3f316dc58644f3
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-docs_0.94.dfsg.2-1ubuntu0.3_all.deb
Size/MD5: 1077770 0eb5f3a51d3d05ab98e9cab30fa689ec
http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-testfiles_0.94.dfsg.2-1ubuntu0.3_all.deb
Size/MD5: 208466 f1161a232ed581d23e34465e4e9b69bf

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.3_amd64.deb
Size/MD5: 240062 e37dbed6b3807db87a0a564839960c9e
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.3_amd64.deb
Size/MD5: 915356 b2d6c5bbe0928fbff8d3f8646e2916bb
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.3_amd64.deb
Size/MD5: 255912 8e697047c72b3d631e3215394ed346ef
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.3_amd64.deb
Size/MD5: 236034 1c01619d9fc562477c61f7dba6b7e990
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.3_amd64.deb
Size/MD5: 575624 14154e0bd4975215d2edce6159e73bba
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.3_amd64.deb
Size/MD5: 539994 664164b600a3225e1dd4297394cd5705
http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.3_amd64.deb
Size/MD5: 233094 c44ed50398c9108188682ea6593f4c12

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.3_i386.deb
Size/MD5: 233596 526cdf381eea1dfb2b8a25c9ab47af55
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.3_i386.deb
Size/MD5: 849528 3d7efe88f9bc29680559141b9add7cfc
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.3_i386.deb
Size/MD5: 254090 2858c4a22109947e27a274eab66d2b2d
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.3_i386.deb
Size/MD5: 233118 8275f107c892dade9c8e269294776ddc
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.3_i386.deb
Size/MD5: 543786 89aab0500eb0b1dc290a6ead5e172749
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.3_i386.deb
Size/MD5: 525928 bb809d8829610db1ddbbeb98a17e2777
http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.3_i386.deb
Size/MD5: 229716 41f3df00a9eaefa7bbdc44bf90076271

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.3_lpia.deb
Size/MD5: 233144 bb617f3ed2b61f494702e3c1c67d8e1f
http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.3_lpia.deb
Size/MD5: 867034 4fad6f85315f71e40f2942d54e74ae5f
http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.3_lpia.deb
Size/MD5: 254190 96f301fe4b606d3ed7dda39c3d7d5100
http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.3_lpia.deb
Size/MD5: 232658 99c61d4acf7b1025670189b589e4f4ce
http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.3_lpia.deb
Size/MD5: 545288 ee5a94b51bad427aeac20db209fe2388
http://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.3_lpia.deb
Size/MD5: 528622 952540615e83e89aa3fcf032a1f67c46
http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.3_lpia.deb
Size/MD5: 229656 4889c53c828b7e66d54748d954c6f3c7

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.3_powerpc.deb
Size/MD5: 243322 7bc824817425ef6faf4d83c1950d7a7f
http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.3_powerpc.deb
Size/MD5: 904222 4133d09baa03806b109a6a0ba45e15eb
http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.3_powerpc.deb
Size/MD5: 258658 96993b01982151656d85c6978d323f24
http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.3_powerpc.deb
Size/MD5: 240674 e10e69574fce756e0774e936a62e3a8c
http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.3_powerpc.deb
Size/MD5: 615272 8dadb6a8a6da0470745de9d8c558fd7c
http://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.3_powerpc.deb
Size/MD5: 556208 dc082d12f3c15a98650253f56f635bc7
http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.3_powerpc.deb
Size/MD5: 233188 dbf6c9f45ab5114e105ebe443562697a

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.3_sparc.deb
Size/MD5: 233162 6b035e2961759537051f30803e6e4e96
http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.3_sparc.deb
Size/MD5: 836902 850d4356b9a87db92d5efc2db81d8936
http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.3_sparc.deb
Size/MD5: 253444 6c0517570fc4ac05b94080f60adcc571
http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.3_sparc.deb
Size/MD5: 233530 8cc09abef6a0baf488ba3f8c0cadecee
http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.3_sparc.deb
Size/MD5: 579172 61ee5fb721cd8543113931525737db7a
http://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.3_sparc.deb
Size/MD5: 544798 1f62918b0a49e4e13f6a760642d04c20
http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.3_sparc.deb
Size/MD5: 230582 9429f9caa92a0cd8feda0d70f9967e6d



--m51xatjYGsM+13rf
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknji2oACgkQW0JvuRdL8Br3agCfTo44XFSBbPYTdW5RtZOUV6rN
hhUAn3XoZf2VoaLn24x6y5Gu/3Lbcw5G
=js+V
-----END PGP SIGNATURE-----
"


DSA 1754-1: New roundup packages fix privilege escalation
DSA 1767-1: New multipath-tools packages fix denial of service
Kanye says ‘South Park’ put him in check
(AP)
Kanye says ‘South Park’ put him in check
(AP)

This entry was posted on 10:31 PM .
Newer Post Older Post