H&D HACKING & DEFENSE: DSA-1238-1 clamav -- several vulnerabilities

Date Reported:
17 Dec 2006
Affected Packages:
clamav
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2006-6406, CVE-2006-6481.

More information:
Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-6406
Hendrik Weimer discovered that invalid characters in base64 encoded data may lead to bypass of scanning mechanisms.

CVE-2006-6481
Hendrik Weimer discovered that deeply nested multipart/mime MIME data may lead to denial of service.

For the stable distribution (sarge) these problems have been fixed in version 0.84-2.sarge.13.

For the upcoming stable distribution (etch) these problems have been fixed in version 0.88.7-1.

For the unstable distribution (sid) these problems have been fixed in version 0.88.7-1.

We recommend that you upgrade your clamav packages.

Fixed in:
Debian GNU/Linux 3.1 (sarge)
Source:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13.dsc

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13.diff.gz

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz

Architecture-independent component:
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.13_all.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.13_all.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.13_all.deb

Alpha:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_alpha.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_alpha.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_alpha.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_alpha.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_alpha.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_alpha.deb

AMD64:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_amd64.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_amd64.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_amd64.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_amd64.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_amd64.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_amd64.deb

ARM:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_arm.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_arm.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_arm.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_arm.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_arm.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_arm.deb

HPPA:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_hppa.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_hppa.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_hppa.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_hppa.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_hppa.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_hppa.deb

Intel IA-32:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_i386.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_i386.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_i386.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_i386.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_i386.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_i386.deb

Intel IA-64:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_ia64.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_ia64.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_ia64.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_ia64.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_ia64.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_ia64.deb

Motorola 680x0:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_m68k.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_m68k.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_m68k.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_m68k.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_m68k.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_m68k.deb

Big endian MIPS:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_mips.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_mips.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_mips.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_mips.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_mips.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_mips.deb

Little endian MIPS:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_mipsel.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_mipsel.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_mipsel.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_mipsel.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_mipsel.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_mipsel.deb

PowerPC:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_powerpc.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_powerpc.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_powerpc.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_powerpc.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_powerpc.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_powerpc.deb

IBM S/390:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_s390.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_s390.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_s390.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_s390.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_s390.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_s390.deb

Sun Sparc:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_sparc.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_sparc.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_sparc.deb

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_sparc.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_sparc.deb

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

Search for in Google by Dino

jueves, 21 de diciembre de 2006

DSA-1238-1 clamav -- several vulnerabilities

No hay comentarios.:

a.k.a Dino / Mundo de Dino

MI PERFIL EN LINKEDIN

Translate

DIPLOMADO SEGURIDAD INFORMATICA UNIVALLE VERSION 2015

LEE LO QUE QUIERAS! :P

La Bitacora de Dino

Los Articulos q mas gustan

Mi Twitter

Vistas a la página totales

estadisticas

Quienes siguen mi Blog:

UNIVALLE

Universidad Libre

Universidad Autonoma de Occidente

TECHNOLOGYINT

Cultura Hack un estilo de vida

Blog H&D "Hacking & Defense SAS"

"MI MANIFIESTO"