Home page logo
/

bugtraq logo Bugtraq mailing list archives

[USN-1031-1] ClamAV vulnerabilities
From: Steve Beattie <sbeattie () ubuntu com>
Date: Thu, 9 Dec 2010 17:43:15 -0800

===========================================================
Ubuntu Security Notice USN-1031-1         December 10, 2010
clamav vulnerabilities
CVE-2010-4260, CVE-2010-4261, CVE-2010-4479
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  libclamav6                      0.96.3+dfsg-2ubuntu1.0.10.04.2

Ubuntu 10.10:
  libclamav6                      0.96.3+dfsg-2ubuntu1.2

In general, a standard system update will make all the necessary changes.

Details follow:

Arkadiusz Miskiewicz and others discovered that the PDF processing
code in libclamav improperly validated input. This could allow a
remote attacker to craft a PDF document that could crash clamav or
possibly execute arbitrary code. (CVE-2010-4260, CVE-2010-4479)

It was discovered that an off-by-one error in the icon_cb function
in pe_icons.c in libclamav could allow an attacker to corrupt
memory, causing clamav to crash or possibly execute arbitrary code.
(CVE-2010-4261)

In the default installation, attackers would be isolated by the
clamav AppArmor profile.


Updated packages for Ubuntu 10.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2.diff.gz
      Size/MD5:   284066 72a7c4ff80f395c5dc8e4e7acd6fcd39
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2.dsc
      Size/MD5:     2323 d1d47147356bfaf610c993b8a9ed0530
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg.orig.tar.gz
      Size/MD5: 40572329 730c1af9badcee2bce4bbaf1cf8ea20a

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-base_0.96.3+dfsg-2ubuntu1.0.10.04.2_all.deb
      Size/MD5:   297088 745b7132479daa4dbdc5ca6cc023e0b2
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-docs_0.96.3+dfsg-2ubuntu1.0.10.04.2_all.deb
      Size/MD5:  1295426 b03dae836f5cdf461c3a5f6a98a7363f
    http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-testfiles_0.96.3+dfsg-2ubuntu1.0.10.04.2_all.deb
      Size/MD5:  5257088 aa5604ebd0f1e4646ce5d9e056513d11

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
      Size/MD5:   424096 28c2f45042aafbf487e59ce679327bb3
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
      Size/MD5: 22343058 abe9dff9f24f9f9b6b9f9faf5be2936b
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
      Size/MD5:   313300 e88ecbee6c0f900b5854b2c1ca9b0771
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
      Size/MD5:   335490 6d0081c84e0f46ee73bbf452309c03a3
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
      Size/MD5:   217914 11b54c1f926069a93149ce28b7cf5325
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
      Size/MD5:  3898290 0bd7e669232378b4b83a8bfdd0c8d716
    http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.0.10.04.2_amd64.deb
      Size/MD5:   345108 843a766d2909777cc88ccbf03468a6fa

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
      Size/MD5:   410854 416f5d73612e5d37fbb904bb80dffb49
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
      Size/MD5: 22043342 aa53f5f25b3a28b22315e17544bd7a6d
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
      Size/MD5:   308344 d090653db3483820420e465513b7d858
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
      Size/MD5:   327348 4cdcc06e3cfb9c241c7d6f560963116b
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
      Size/MD5:   218084 752cc79037d5f08df096c528bc7eb8b6
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
      Size/MD5:  3751526 c6dc2280d050c37f1f82ce62ba612cac
    http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.0.10.04.2_i386.deb
      Size/MD5:   338432 7156843fc6e5b7087d1fba58177ee81f

  armel architecture (ARM Architecture):

    http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
      Size/MD5:   406882 b19ca9fc2963a4fe76940587ca7f8442
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
      Size/MD5:  1495938 235245876f8a1fd659ad3696e0b8cff0
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
      Size/MD5:   309068 4901391a555ca3b99facd67598e3ef63
    http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
      Size/MD5:   325884 8a8c68c7bef2a417c05140649aabb9e7
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
      Size/MD5:   217988 af08d9ccb28d785bd3067cee79f2d342
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
      Size/MD5:   692904 0a11d55c4b11b7c4b6fde5b7ae283f96
    http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.0.10.04.2_armel.deb
      Size/MD5:   338696 3956ef9d6b6a60777ac474f39594f5b7

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
      Size/MD5:   424978 52b56412f9313f830a49e6730f7bb4f1
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
      Size/MD5: 21946304 dadb3d6e3edd3d878c23043e0b3584d8
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
      Size/MD5:   312588 525bf79e6f80fa681de6e53a177fe4c8
    http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
      Size/MD5:   332978 b5e3e48ab070066931c15f0f9843b71c
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
      Size/MD5:   217914 7dd955a186cb8879aa479dd624b9f83a
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
      Size/MD5:  3694500 19f57c2f9c3330de8403f95ed26bd89a
    http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.0.10.04.2_powerpc.deb
      Size/MD5:   346032 4dcf3621752746f0683e88cfae681f98

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
      Size/MD5:   417504 47562db771ffce66d1e33b023815529b
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
      Size/MD5:  1521812 7e2834b60264a9944b54182dd66d2644
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
      Size/MD5:   310268 09362fd78f8dd8aa40bf8d638f7e953c
    http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
      Size/MD5:   330544 243c260c46b4786b22a831feca6c22a6
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
      Size/MD5:   217912 140f98988be6715168cf7f5422ab6f76
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
      Size/MD5:   772802 dd43c6b2029227a726eb3f5ab90e944a
    http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.0.10.04.2_sparc.deb
      Size/MD5:   343194 6e4b332cb4162cd29895a4b5171d2abd

Updated packages for Ubuntu 10.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.2.diff.gz
      Size/MD5:   291139 9ce8ad8427f113d6e329a3c3812d68c0
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.2.dsc
      Size/MD5:     2291 337c8ca91f8956bb01144d4bf3f13609
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg.orig.tar.gz
      Size/MD5: 40572329 730c1af9badcee2bce4bbaf1cf8ea20a

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-base_0.96.3+dfsg-2ubuntu1.2_all.deb
      Size/MD5:   299354 0702fd8ea1c31955e8fc797ae87c46b2
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-docs_0.96.3+dfsg-2ubuntu1.2_all.deb
      Size/MD5:  1288682 882a0315fe510542baab00e77d557a78
    http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-testfiles_0.96.3+dfsg-2ubuntu1.2_all.deb
      Size/MD5:  5257128 6e78e746dcee221c2e95bc4dfa05f362

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.2_amd64.deb
      Size/MD5:   423112 f64bda3984cd1f8b760f5da57d3bca92
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.2_amd64.deb
      Size/MD5: 22417984 963e7c2edb60496ca072725e539e5b41
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.2_amd64.deb
      Size/MD5:   311226 0a361a85a35b6650d00fbe84c5a7580a
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.2_amd64.deb
      Size/MD5:   334098 32f9b98511150530ad007a7c93c40386
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.2_amd64.deb
      Size/MD5:   217926 e1c3ab677049300717250e3908666cd1
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.2_amd64.deb
      Size/MD5:  3922972 35138e4e10a58348be364e5b19ea5df9
    http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.2_amd64.deb
      Size/MD5:   342886 de12b75256683c846f2919c696c71887

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.2_i386.deb
      Size/MD5:   410320 a7060679083c339a102a767ed2a3d9f7
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.2_i386.deb
      Size/MD5: 21960252 d96e86f0a3d8cddd55cfc3bea3ef3daf
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.2_i386.deb
      Size/MD5:   310040 a482134aedc49b9a7eff0186fb6035cd
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.2_i386.deb
      Size/MD5:   327554 f969082370c05ca79fcaf44062adebee
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.2_i386.deb
      Size/MD5:   217872 8f719985193939a25b03473bfbbcb952
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.2_i386.deb
      Size/MD5:  3725056 58b1925563125ea7eddb29731d27374a
    http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.2_i386.deb
      Size/MD5:   340596 10c0a5c04be3d339c5301df687cb7487

  armel architecture (ARM Architecture):

    http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.2_armel.deb
      Size/MD5:   416402 e22a834a33f2d363598865896256c192
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.2_armel.deb
      Size/MD5:  1530710 01fd1a616c74c7612913b3cc8a875395
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.2_armel.deb
      Size/MD5:   308092 4a743b08c9a1c8ad4ec79a6455334486
    http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.2_armel.deb
      Size/MD5:   328372 0ca2551f95b67a8af4c285e36b1efc50
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.2_armel.deb
      Size/MD5:   217954 db4b7c26334bc6f9a48af201f3c8ce53
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.2_armel.deb
      Size/MD5:   762684 87f79650eea51f5bca7953b4108f44c7
    http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.2_armel.deb
      Size/MD5:   341370 f941f44011e8220f1a1369e575ca8511

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
      Size/MD5:   423734 a3cba413ddba7c8c869ef1052695d72f
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
      Size/MD5: 21943056 c945d37dfdc2f90cfdd3afa9e13770ff
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
      Size/MD5:   312116 f75d13c70a666b6c50c94f11d8fc5fc7
    http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
      Size/MD5:   332152 9875d25fd10e30aa1caa97274fc6490c
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
      Size/MD5:   217878 dd01a33de40da567649a02f9bee20135
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
      Size/MD5:  3689510 ff8cd6d3eb28b66036db5ada5629cd7e
    http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.96.3+dfsg-2ubuntu1.2_powerpc.deb
      Size/MD5:   345698 af4e9a8d36665dce94083e6c499ffdb3


Attachment: signature.asc
Description: Digital signature


  By Date           By Thread  

Current thread:
  • [USN-1031-1] ClamAV vulnerabilities Steve Beattie (Dec 10)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]