Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-770-1] ClamAV vulnerability
From: Jamie Strandboge <jamie () canonical com>
Date: Mon, 4 May 2009 18:06:29 -0500

===========================================================
Ubuntu Security Notice USN-770-1               May 04, 2009
clamav vulnerability
https://launchpad.net/bugs/365823
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
  clamav-milter                   0.95.1+dfsg-1ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A flaw was discovered in the clamav-milter initscript which caused the
ownership of the current working directory to be changed to the 'clamav'
user. This update attempts to repair the incorrect ownership for standard
system directories, but it is recommended that the following command be
performed to report any other directories that may be affected:

  $ sudo find -H / -type d -user clamav \! -group clamav 2>/dev/null

Systems configured to run clamav as a user other than the default 'clamav'
user will need to adjust the above command accordingly.


Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2.diff.gz
      Size/MD5:   240956 16d828dea428d031cc59d41b24b592d1
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2.dsc
      Size/MD5:     1540 575dace049ba5216b8ccbd3333b6c2c3
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.95.1+dfsg.orig.tar.gz
      Size/MD5: 24233062 1e9618ac1b9b58e5c1c1b665adf26749

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-base_0.95.1+dfsg-1ubuntu1.2_all.deb
      Size/MD5: 21399900 52b7926a51ada72067819f1c646db8b3
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-docs_0.95.1+dfsg-1ubuntu1.2_all.deb
      Size/MD5:  1110124 f7759ab6a73007be3605276cb0e7f28d
    http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-testfiles_0.95.1+dfsg-1ubuntu1.2_all.deb
      Size/MD5:   225956 d4cc917a76574e27fe7b51643628bb4d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.95.1+dfsg-1ubuntu1.2_amd64.deb
      Size/MD5:   393938 b905639abb64cbb62f6b088abf5a0231
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.95.1+dfsg-1ubuntu1.2_amd64.deb
      Size/MD5:  1184152 675a9cea68762ac8e0dca483292e15cf
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.95.1+dfsg-1ubuntu1.2_amd64.deb
      Size/MD5:   281792 d0cbd33bd85b022ee85bbdac7511213f
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2_amd64.deb
      Size/MD5:   273934 86fa7c88dd44a77cf563b401d22a1139
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.95.1+dfsg-1ubuntu1.2_amd64.deb
      Size/MD5:   605768 951853d338127eb686432233bfb5a341
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav6_0.95.1+dfsg-1ubuntu1.2_amd64.deb
      Size/MD5:   569884 20ce2a8275351db1eee604558d79d4f7
    http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.95.1+dfsg-1ubuntu1.2_amd64.deb
      Size/MD5:   266000 33d736985619ca166f8f917fb7271d87

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.95.1+dfsg-1ubuntu1.2_i386.deb
      Size/MD5:   382140 4440322bc961f0a410ebc92bb95f17aa
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.95.1+dfsg-1ubuntu1.2_i386.deb
      Size/MD5:  1095416 9e2b92403f60728922113a3a27982533
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.95.1+dfsg-1ubuntu1.2_i386.deb
      Size/MD5:   279266 5f2fe7d3e0d045fe4f68e356fd977a04
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2_i386.deb
      Size/MD5:   268354 db1afab9a4b57a37bdcc3ccf471c5cc2
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.95.1+dfsg-1ubuntu1.2_i386.deb
      Size/MD5:   574290 c33b885b054cd55655292c55bed96295
    http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav6_0.95.1+dfsg-1ubuntu1.2_i386.deb
      Size/MD5:   557328 643fd52c2f12ac522a87121e93978e79
    http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.95.1+dfsg-1ubuntu1.2_i386.deb
      Size/MD5:   263040 0ab591f0b668adb5587edd485e987c13

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.95.1+dfsg-1ubuntu1.2_lpia.deb
      Size/MD5:   382392 0ea691eea8bd953bc273da4c9b9debc4
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.95.1+dfsg-1ubuntu1.2_lpia.deb
      Size/MD5:  1116512 52c01ee04b0107669c566b44cfac727e
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.95.1+dfsg-1ubuntu1.2_lpia.deb
      Size/MD5:   279020 aa4872b8c2d9f299d532888d3675ea51
    http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2_lpia.deb
      Size/MD5:   268124 3a3175eb60cea6248bdd6767e5833de2
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.95.1+dfsg-1ubuntu1.2_lpia.deb
      Size/MD5:   575506 96c1ca9f26aba0862f42b189fcae7354
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.95.1+dfsg-1ubuntu1.2_lpia.deb
      Size/MD5:   559374 04a449e526bbb7d8be9b95c365b3b7f6
    http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.95.1+dfsg-1ubuntu1.2_lpia.deb
      Size/MD5:   263008 ef2bcc6eb89e665ab5fba4cf10d2d2d8

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.95.1+dfsg-1ubuntu1.2_powerpc.deb
      Size/MD5:   400204 94578b9dca844d1434025a51c0109c83
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.95.1+dfsg-1ubuntu1.2_powerpc.deb
      Size/MD5:  1158670 5a7be46133af1bc18e47adfca1cf6587
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.95.1+dfsg-1ubuntu1.2_powerpc.deb
      Size/MD5:   283848 2ab5a37504e844051c48c6419e55f336
    http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2_powerpc.deb
      Size/MD5:   276786 1003a47361604f8d3b54771e9bb0fa34
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.95.1+dfsg-1ubuntu1.2_powerpc.deb
      Size/MD5:   645340 365e906bfacae713aa391e827933e9ad
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.95.1+dfsg-1ubuntu1.2_powerpc.deb
      Size/MD5:   587074 d83bab7ca42ef3a0b37e704aa624558c
    http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.95.1+dfsg-1ubuntu1.2_powerpc.deb
      Size/MD5:   269430 29c2c9c54774130407c28ed4422da83b

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.95.1+dfsg-1ubuntu1.2_sparc.deb
      Size/MD5:   383556 1cea55a1fce839b2ca1e5b03ca632c32
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.95.1+dfsg-1ubuntu1.2_sparc.deb
      Size/MD5:  1064340 a6c0dc3a0e3d40a4f89dff2290a6769a
    http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.95.1+dfsg-1ubuntu1.2_sparc.deb
      Size/MD5:   277894 fc8f08a7d044cc9246a8233d1a9cfd2a
    http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2_sparc.deb
      Size/MD5:   268476 c4a9a06151ad123de3cb484f06fc8870
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.95.1+dfsg-1ubuntu1.2_sparc.deb
      Size/MD5:   607604 f11ab004f8c8c5c6845bc90c38cf2f4a
    http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.95.1+dfsg-1ubuntu1.2_sparc.deb
      Size/MD5:   574486 e1c8f67fa7300c4759d9c01b9bc4e3c2
    http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.95.1+dfsg-1ubuntu1.2_sparc.deb
      Size/MD5:   262718 ff8884c64206061ec9830b029c06aa8e


Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [USN-770-1] ClamAV vulnerability Jamie Strandboge (May 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault