Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: [SECURITY] [DSA 1238-1] New clamav packages fix several vulnerabilities

[SECURITY] [DSA 1238-1] New clamav packages fix several vulnerabilities

From: Moritz Muehlenhoff <jmm_at_debian.org>
Date: Sun, 17 Dec 2006 16:05:33 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1238-1 security_at_debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 17th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : clamav
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-6406 CVE-2006-6481

Several remote vulnerabilities have been discovered in the Clam anti-virus
toolkit. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2006-6406

    Hendrik Weimer discovered that invalid characters in base64 encoded
    data may lead to bypass of scanning mechanisms.

CVE-2006-6481

    Hendrik Weimer discovered that deeply nested multipart/mime MIME
    data may lead to denial of service.

For the stable distribution (sarge) these problems have been fixed in
version 0.84-2.sarge.13.

For the upcoming stable distribution (etch) these problems have been
fixed in version 0.88.7-1.

For the unstable distribution (sid) these problems have been fixed in
version 0.88.7-1.

We recommend that you upgrade your clamav packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13.dsc
      Size/MD5 checksum: 874 a99fd16ec6cd3597495d66c43d86b085
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13.diff.gz
      Size/MD5 checksum: 180118 96f6c6b906aeeb954ab2c87551d2c603
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
      Size/MD5 checksum: 4006624 c43213da01d510faf117daa9a4d5326c

  Architecture independent components:

    http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.13_all.deb
      Size/MD5 checksum: 155278 724ad22ce36c7ead6c7f4712bb5f0ff3
    http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.13_all.deb
      Size/MD5 checksum: 694788 e78c2d70bd21ab4825f7bd094b7cf28f
    http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.13_all.deb
      Size/MD5 checksum: 124236 83e7462649f84e9de615de7fb6eb2b54

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_alpha.deb
      Size/MD5 checksum: 74850 2adf16cf2156a1e61727e44e7edb90a6
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_alpha.deb
      Size/MD5 checksum: 48904 780b33e72cc97613d1918ac5fc87469f
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_alpha.deb
      Size/MD5 checksum: 2176490 0cbec86ecd122fcb6546cae48b1a5c61
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_alpha.deb
      Size/MD5 checksum: 42158 36ab068c44e0ac1f287e48241607edc0
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_alpha.deb
      Size/MD5 checksum: 256080 60bde0f909bf70949b7f0be8226e8f4b
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_alpha.deb
      Size/MD5 checksum: 286276 fbbfd2962447273cb529dc2688e25777

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_amd64.deb
      Size/MD5 checksum: 69004 66dac7905120712f0477ec01f2f13139
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_amd64.deb
      Size/MD5 checksum: 44270 2b6022acfbaa3f4b361d45a655ee1cf7
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_amd64.deb
      Size/MD5 checksum: 2173284 a1580fd5035949d97b7ea5a27665d55e
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_amd64.deb
      Size/MD5 checksum: 40044 7b9102d5923f62a9ab12dc42a3efbd45
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_amd64.deb
      Size/MD5 checksum: 176794 cea39de4522486ee111e8a2b0bc28ce6
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_amd64.deb
      Size/MD5 checksum: 260382 9cb209b8272e4d47ff6ea75a531005ed

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_arm.deb
      Size/MD5 checksum: 63972 f3f8425d3e3a8a827f93ef6d03f336bd
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_arm.deb
      Size/MD5 checksum: 39632 ea7b6f705443aad934203b51e56cb755
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_arm.deb
      Size/MD5 checksum: 2171284 30d825ee4d9d89116ec548b7051373bf
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_arm.deb
      Size/MD5 checksum: 37310 379d788641b4310f7a8739f80ab938dd
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_arm.deb
      Size/MD5 checksum: 175126 67474b7ba1f31f3b4e9d9f9a522ae285
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_arm.deb
      Size/MD5 checksum: 250262 d5e8dc0f1ea852bbf77e2d1d6b8bed15

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_hppa.deb
      Size/MD5 checksum: 68464 add625fd31acfb07e8e34cc618e7a954
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_hppa.deb
      Size/MD5 checksum: 43276 7a2b981580012ab2afe3b7b6292b2138
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_hppa.deb
      Size/MD5 checksum: 2173680 45427c3f7cc4d7595ae5ef6b238e8baf
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_hppa.deb
      Size/MD5 checksum: 39532 6517f856a1df38af75dc57e54d5d7a2b
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_hppa.deb
      Size/MD5 checksum: 202876 dc3643365832834b72cfa24fb7c08a32
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_hppa.deb
      Size/MD5 checksum: 283936 4c159ec7e0603185a97b0f5d62099722

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_i386.deb
      Size/MD5 checksum: 65324 c460a3ba33fcee90c9f3c91685938b32
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_i386.deb
      Size/MD5 checksum: 40370 ce8929f2ddc2228cec2a2fea5550d38a
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_i386.deb
      Size/MD5 checksum: 2171606 e2fa7b2fe19f04a66770bc606c39e919
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_i386.deb
      Size/MD5 checksum: 38078 81b6c522ebc4461b4b3dd5da0401fe68
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_i386.deb
      Size/MD5 checksum: 159904 2a6ee4c7a6e0b3532160d02e10643d57
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_i386.deb
      Size/MD5 checksum: 255048 4f53bc2e71a80762da1e82bff4117126

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_ia64.deb
      Size/MD5 checksum: 81950 ad4f8ccb2156b94629e82b943ed4a64b
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_ia64.deb
      Size/MD5 checksum: 55328 364279da2de3f7e0b8ad038a4733a60f
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_ia64.deb
      Size/MD5 checksum: 2180240 d80fc692c03cd3625b5523d98d883cd9
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_ia64.deb
      Size/MD5 checksum: 49236 a19e0a591503b344c54d810240dcb7de
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_ia64.deb
      Size/MD5 checksum: 252416 c3356dbe5e216f0871e24b42d787b604
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_ia64.deb
      Size/MD5 checksum: 318464 70a50bf5275e4ab303221d5ab707ed3d

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_m68k.deb
      Size/MD5 checksum: 62644 eb91d128b88ee9f952ec65ae1dee94e7
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_m68k.deb
      Size/MD5 checksum: 38238 4095d78fa120345f8d9cd04cd22e91c7
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_m68k.deb
      Size/MD5 checksum: 2170518 6e596aac7e604c88158e35e4a155a1e9
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_m68k.deb
      Size/MD5 checksum: 35126 e1dda3f1c1fe43cd06a4affb298bc16f
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_m68k.deb
      Size/MD5 checksum: 146488 4b14d5f0afbc4f780c2cead6adc4a3cc
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_m68k.deb
      Size/MD5 checksum: 251092 25300915476312b18df3ede8f79eaf30

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_mips.deb
      Size/MD5 checksum: 68070 cc8aab5ab0b1f459199c00a31fc56ad9
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_mips.deb
      Size/MD5 checksum: 43870 119cd5b965a6805fdce5cd90be28de22
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_mips.deb
      Size/MD5 checksum: 2173046 cf4b60a4d4570633519c079801a20b78
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_mips.deb
      Size/MD5 checksum: 37692 d492230af98b42b38ac566c640389862
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_mips.deb
      Size/MD5 checksum: 195822 fccf06425fae800f841a90d78d8e5120
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_mips.deb
      Size/MD5 checksum: 258168 c7051b8409be63e68bddf81d9a28f0bb

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_mipsel.deb
      Size/MD5 checksum: 67636 0f5c8fae1b340cde8a45b4c4067d508d
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_mipsel.deb
      Size/MD5 checksum: 43690 c6645db26897d97cb36923fe189d5313
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_mipsel.deb
      Size/MD5 checksum: 2173010 c18740033f8fb8c47febb70dffddf954
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_mipsel.deb
      Size/MD5 checksum: 37998 d9108727e4db76d14bed80edbf1a3c97
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_mipsel.deb
      Size/MD5 checksum: 192216 e2783d04fd553879590271135fa6734d
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_mipsel.deb
      Size/MD5 checksum: 255744 b833681a0f74d286497f7b5368994514

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_powerpc.deb
      Size/MD5 checksum: 69382 e48f231bee41d3065ac1622eccdba9e0
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_powerpc.deb
      Size/MD5 checksum: 44720 0f3a2c415fb4e7a658d3a58bfac9e890
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_powerpc.deb
      Size/MD5 checksum: 2173682 4ea34d9279e37e70a4201e05371fca95
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_powerpc.deb
      Size/MD5 checksum: 38894 d249f17fb9c157ad16f9a426ffcc8bfa
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_powerpc.deb
      Size/MD5 checksum: 187854 cb0f4a9b4545e3f220389a12513b15db
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_powerpc.deb
      Size/MD5 checksum: 265516 853da016b2f5b75fcd06a5fed93de5d6

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_s390.deb
      Size/MD5 checksum: 67960 9cfa237a0ddf2f2b84a838873fa3a9dd
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_s390.deb
      Size/MD5 checksum: 43632 7cd6aa86a4ab193dc66ee60a973ccf15
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_s390.deb
      Size/MD5 checksum: 2172960 5e7305b7adfeeac716498952221d146f
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_s390.deb
      Size/MD5 checksum: 38958 68bfab24f52fcbaa1d72538b17b80f12
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_s390.deb
      Size/MD5 checksum: 182860 8d0a959fb80bd90333dbbd92f3f8ac76
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_s390.deb
      Size/MD5 checksum: 270098 be6fc3cf76e1c0a9dad4eebb5ad64fee

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_sparc.deb
      Size/MD5 checksum: 64750 bbd81902e382538eef10d7f817d511af
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_sparc.deb
      Size/MD5 checksum: 39532 6ac663f32d7d66bf600d4f0c5df11d03
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_sparc.deb
      Size/MD5 checksum: 2171186 fd6946cfe666a43c81f4f2b27aab0f98
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_sparc.deb
      Size/MD5 checksum: 36890 b5b69baf1990e8b6cdf215910fbbd363
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_sparc.deb
      Size/MD5 checksum: 176104 b852e63365117f5252bd75b7a1ab3be6
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_sparc.deb
      Size/MD5 checksum: 265496 92b0efec94e02481cc9b1eb23a074a6a

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce_at_lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFhVyQXm3vHE4uyloRAuPRAKCZWfnhSXclLRFMn7C8WrKnFwqmsgCgxRQ/
Y/B3l3uywbra52tc/hO91B0=
=Vs3L
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Dec 17 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]