[USN-754-1] ClamAV vulnerabilities
Date: Tue, 7 Apr 2009 14:32:12 -0500
From: Jamie Strandboge <jamie@canonical.com>
Ubuntu Security Notice USN-754-1                             April 07, 2009
clamav vulnerabilities
https://launchpad.net/bugs/354190

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  libclamav5                      0.94.dfsg.2-1ubuntu0.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that ClamAV did not properly verify its input when
processing TAR archives. A remote attacker could send a specially crafted
TAR file and cause a denial of service via infinite loop.

It was discovered that ClamAV did not properly validate Portable Executable
(PE) files. A remote attacker could send a crafted PE file and cause a
denial of service (divide by zero).

Updated packages for Ubuntu 8.10: