Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1616-1] new clamav packages fix denial of service (1/3)

From Devin Carraway@1:229/2 to All on Thu Jul 24 09:40:13 2008

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1616-1 [email protected] http://www.debian.org/security/ Devin Carraway
July 24, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : clamav
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-2713
Debian Bug : 490925

Damian Put discovered a vulnerability in the ClamAV anti-virus
toolkit's parsing of Petite-packed Win32 executables. The weakness
leads to an invalid memory access, and could enable an attacker to
crash clamav by supplying a maliciously crafted Petite-compressed
binary for scanning. In some configurations, such as when clamav
is used in combination with mail servers, this could cause a system
to "fail open," facilitating a follow-on viral attack.

The Common Vulnerabilities and Exposures project identifies this
weakness as CVE-2008-2713.

For the stable distribution (etch), this problem has been fixed in
version 0.90.1dfsg-3etch13. For the unstable distribution (sid), the
problem has been fixed in version 0.93.1.dfsg-1.1.

We recommend that you upgrade your clamav packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch13.diff.gz
Size/MD5 checksum: 213572 2dbfd4ac08c7af42d86f14e36d51a1ba
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch13.dsc
Size/MD5 checksum: 900 1956339e5b45defa704f7428d2ca2b8a
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg.orig.tar.gz
Size/MD5 checksum: 11610428 6dc18602b0aa653924d47316f9411e49

Architecture independent packages:

http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1dfsg-3etch13_all.deb
Size/MD5 checksum: 158352 06513119080bfa3ce5ef244fcfc692f4
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1dfsg-3etch13_all.deb
Size/MD5 checksum: 1003920 067c6757b73dfe5a89ac3ad78d6bb467
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1dfsg-3etch13_all.deb
Size/MD5 checksum: 202110 4b03c3a6084dff2fa2915f651b05f5f3

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch13_alpha.deb
Size/MD5 checksum: 372734 b02f13a6b046e16b450c5aa28603270a
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch13_alpha.deb
Size/MD5 checksum: 180766 908d8ba5f5b151eb8ea71616b19fd807
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch13_alpha.deb
Size/MD5 checksum: 182574 23c6d7821e5fc5132211a17a23e65976
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch13_alpha.deb
Size/MD5 checksum: 465116 d414094ddcaccdc223b3e887207cd64c
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch13_alpha.deb
Size/MD5 checksum: 862164 6c6a9ab56700cc5f031194a0116119a4
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch13_alpha.deb
Size/MD5 checksum: 9305100 8fa282fe181b8c7c2a818926638d86e1
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch13_alpha.deb
Size/MD5 checksum: 597442 d437e275a635d03438943bcd754091b7

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch13_amd64.deb
Size/MD5 checksum: 9302456 749d09d15673706504be022e5ab19cc1
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch13_amd64.deb
Size/MD5 checksum: 593794 acd734b6ddebd1c6648c5ee4a809f911
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch13_amd64.deb
Size/MD5 checksum: 341474 f497da61df358ff5a2c7127b1c0d2ea3
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch13_amd64.deb
Size/MD5 checksum: 355644 cfe37443151e33521ab518f949008fc0
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch13_amd64.deb
Size/MD5 checksum: 178880 81f2aebdcc0e10343c811488691c9b2e
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch13_amd64.deb
Size/MD5 checksum: 177968 6ffbaf669737868284cda847b7b4de8f
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch13_amd64.deb
Size/MD5 checksum: 856974 30a64aadcef84a5241d18cb669d55431

arm architecture (ARM)

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch13_arm.deb
Size/MD5 checksum: 336226 46964d05954b2ff7d5d0791614c0194e
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch13_arm.deb
Size/MD5 checksum: 9299564 fe0f3ad0b1be34898583b66c5ebbf542
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch13_arm.deb
Size/MD5 checksum: 175804 456f92e49076d4ddd31e5862c81564d2
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch13_arm.deb
Size/MD5 checksum: 853740 3cd48a7cdfdd820d2aaecc1357a05491
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch13_arm.deb
Size/MD5 checksum: 554038 16515a5a4948051bdb0881a25743cacd
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch13_arm.deb
Size/MD5 checksum: 335532 cd84e09870119cd4ee240cc398aeb7d3
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch13_arm.deb
Size/MD5 checksum: 171686 2377a06f744bc30efef5016a9a775913

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Ab Cadd
  Sat Jun 6 15:42:53 2026
  from Sheboygan, Wi via Telnet
- Centurion
  Sat Jun 6 15:32:28 2026
  from Berea, Ohio via Telnet
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Fri Jun 5 17:52:51 2026
  from Sheboygan, Wi via Telnet
- Gwylbert
  Fri Jun 5 06:28:52 2026
  from Sydney, Nsw via Telnet
- Centurion
  Thu Jun 4 23:42:23 2026
  from Berea, Ohio via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	151:30:30
Calls:	12,091
Calls today:	4
Files:	15,000
Messages:	6,517,607

[SECURITY] [DSA 1616-1] new clamav packages fix denial of service (1/3)

Who's Online

Recent Visitors

System Info