[USN-684-1] ClamAV vulnerability
Date: Tue, 2 Dec 2008 14:20:25 -0800
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-684-1] ClamAV vulnerability
Message-ID: <20081202222025.GH25309@outflux.net.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="zx4FCpZtqtKETZ7O"
Content-Disposition: inline
Organization: Ubuntu
X-MIMEDefang-Filter: outflux$Revision: 1.316 $
X-HELO: www.outflux.net
X-Scanned-By: MIMEDefang 2.63 on 10.2.0.1
X-Virus-Scanned: antivirus-gw at tyumen.ru
--zx4FCpZtqtKETZ7O
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Ubuntu Security Notice USN-684-1 December 02, 2008
clamav vulnerability
https://bugs.launchpad.net/bugs/304017
A security issue affects the following Ubuntu releases:
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.10:
libclamav5 0.94.dfsg.2-1ubuntu0.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Ilja van Sprundel discovered that ClamAV did not handle recursive JPEG
information. If a remote attacker sent a specially crafted JPEG file,
ClamAV would crash, leading to a denial of service.
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1.diff.gz
Size/MD5: 159258 35b619fff489b7fdbfacd86170572cfa
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1.dsc
Size/MD5: 1545 d35181ceb4a8b93aa8ef3d80f424a52e
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2.orig.tar.gz
Size/MD5: 22073819 7b45b0c54b887b23cb49e4bff807cf58
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-base_0.94.dfsg.2-1ubuntu0.1_all.deb
Size/MD5: 19497162 d2d7052e4859a66f9556a33839be072b
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-docs_0.94.dfsg.2-1ubuntu0.1_all.deb
Size/MD5: 1077346 0c0e57cf0a6d5004611621c81d158b3e
http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-testfiles_0.94.dfsg.2-1ubuntu0.1_all.deb
Size/MD5: 208058 8dd86c35b97cfa0c111ec6a99f90d7b4
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_amd64.deb
Size/MD5: 239628 465bacd5ebfec386196f83b90c59b1d5
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_amd64.deb
Size/MD5: 914866 309f142bd797da5b06bae9f3273c729a
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_amd64.deb
Size/MD5: 255448 b28942a9a6ecd5b09eea78f22f56658c
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_amd64.deb
Size/MD5: 235612 d7fc1fbc5112f2b8b4bb81f26f8495bd
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_amd64.deb
Size/MD5: 573860 1a499485cdee3a5ed728fdb115d4708e
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_amd64.deb
Size/MD5: 538626 f1ec69b8d9bc15cf1b6ab9b483b37568
http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_amd64.deb
Size/MD5: 232722 4abb421ae13f2c04ccf7e975d68344f1
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_i386.deb
Size/MD5: 233172 1e14e971a76712c4a38d3250e3f84a4f
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_i386.deb
Size/MD5: 849368 dc7e8747a2f1b40db10fd3dfa80d6d8f
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_i386.deb
Size/MD5: 253682 2dfbb18dbe45b97fe537e440c86079f0
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_i386.deb
Size/MD5: 232686 f5fc69f35bb5206e6f3f1802eab27b87
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_i386.deb
Size/MD5: 541856 cc9e3b0f262968372c5cdf8b62606280
http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_i386.deb
Size/MD5: 524410 2d1f9e712a3ef57c99434469a584f38d
http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_i386.deb
Size/MD5: 229260 280079fa42c8ff6a18a8fd1406956f3c
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_lpia.deb
Size/MD5: 232694 509ca94dd8ba239e70df349015eab8b6
http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_lpia.deb
Size/MD5: 866262 636afb92077246666719c22544dda5bd
http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_lpia.deb
Size/MD5: 253738 0581fb06ce78fd9a2d1e2d81cfa95e87
http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_lpia.deb
Size/MD5: 232232 7e301b68901a3435da4768b2845bf61d
http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_lpia.deb
Size/MD5: 543754 bd8453f227ae9bebcec4fb41b9e9d427
http://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_lpia.deb
Size/MD5: 527060 b903aa2ec89a2b3c327e170f3b23e021
http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_lpia.deb
Size/MD5: 229286 d2af0a51fa4beb6eb3045f2dfa3abe9e
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
Size/MD5: 242896 a8a6f8ef5d43b0856cb250879b6d741d
http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
Size/MD5: 903632 275eb13f4b9caa6ab4089aa0d8e97b24
http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
Size/MD5: 258198 2109d15b9bcb4cedeb380ac295c26364
http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
Size/MD5: 240246 c373dfb0ec6bd9539575aad28310a5ae
http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
Size/MD5: 613886 8a59e0abf3597d1c13ffa47ee0700b48
http://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
Size/MD5: 554872 992aa23fb6ed82684c8325743e366947
http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_powerpc.deb
Size/MD5: 232832 36d93e39e3f1f74dde643bc78e38c4a7
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.1_sparc.deb
Size/MD5: 232694 22f99a7b96cf3ab8749316cb3256b168
http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.1_sparc.deb
Size/MD5: 836388 a2eb3d95d9a6254db4d7375844f18f57
http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.1_sparc.deb
Size/MD5: 252954 b21baca5066e5e27a8b8154cc17b9d2c
http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.1_sparc.deb
Size/MD5: 233100 3c0b967b8a11e701698a1099a171ee82
http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.1_sparc.deb
Size/MD5: 577734 05eb85bfb1a2ac3b223eba160167c7e2
http://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.1_sparc.deb
Size/MD5: 543454 09533df800dafec77af220c81897cb0e
http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.1_sparc.deb
Size/MD5: 230206 5abbd9810492e866183bb1033a284b18
--zx4FCpZtqtKETZ7O
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook <kees@outflux.net.>
iEYEARECAAYFAkk1tKkACgkQH/9LqRcGPm22ZACgnhO3wB4ZTW/AgqT8yElelAEQ
Xo8AoI64nEkkXbL3REwNr6j8+LjSjZjx
=NfCK
-----END PGP SIGNATURE-----
--zx4FCpZtqtKETZ7O--