Debian-Sicherheitsankündigung

DSA-1497-1 clamav -- Mehrere Verwundbarkeiten

Datum des Berichts:

16. Feb 2008

Betroffene Pakete:

clamav

Verwundbar:

Sicherheitsdatenbanken-Referenzen:

In Mitres CVE-Verzeichnis: CVE-2007-6595, CVE-2008-0318.

Weitere Informationen:

Im Clam-Antiviren-Werkzeugkasten wurden mehrere Verwundbarkeiten gefunden, die zur Ausführung beliebigen Codes oder lokalen Diensteverweigerungen (denial of service) führen können. Das Common Vulnerabilities and Exposures project identifiziert die folgenden Probleme:

CVE-2007-6595
Es wurde entdeckt, dass temporäre Dateien unsicher erstellt werden. Dies kann zu lokalen Diensteverweigerungen durch Überschreiben von Dateien führen.
CVE-2008-0318
Silvio Cesare entdeckte einen Integer-Überlauf im Parser für PE-Kopfdaten.

Die Version von Clamav in der alten stabilen Distribution (Sarge) wird nicht mehr mit Sicherheitsaktualisierungen versorgt.

Für die stabile Distribution (Etch) wurden diese Probleme in Version 0.90.1dfsg-3etch10 behoben. Zusätzlich zu diesen Korrekturen sind auch Änderungen von der kommenden Zwischenveröffentlichung der stabilen Distribution (Entfernung der nicht-freien RAR-Behandlung) in diese Aktualisierung eingearbeitet.

Wir empfehlen, dass Sie Ihre clamav-Pakete aktualisieren.

Behoben in:

Debian GNU/Linux 4.0 (stable)

Quellcode:: http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg.orig.tar.gz; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10.dsc; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10.diff.gz
Architektur-unabhängige Dateien:: http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1dfsg-3etch10_all.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1dfsg-3etch10_all.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1dfsg-3etch10_all.deb
Alpha:: http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_alpha.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_alpha.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_alpha.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_alpha.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_alpha.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_alpha.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_amd64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_amd64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_amd64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_amd64.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_amd64.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_amd64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_arm.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_arm.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_arm.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_arm.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_arm.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_arm.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_arm.deb
HP Precision:: http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_hppa.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_hppa.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_hppa.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_hppa.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_hppa.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_hppa.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_i386.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_i386.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_i386.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_i386.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_i386.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_i386.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_ia64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_ia64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_ia64.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_ia64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_ia64.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_ia64.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_ia64.deb
Big-endian MIPS:: http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_mips.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_mips.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_mips.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_mips.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_mips.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_mips.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_mips.deb
Little-endian MIPS:: http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_mipsel.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_mipsel.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_mipsel.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_mipsel.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_mipsel.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_mipsel.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_mipsel.deb
IBM S/390:: http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_s390.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_s390.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_s390.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_s390.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_s390.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_s390.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_sparc.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_sparc.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_sparc.deb; http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_sparc.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_sparc.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_sparc.deb; http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_sparc.deb

MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.

Diese Seite gibt es auch in den folgenden Sprachen:

dansk English français 日本語 (Nihongo) svenska

Wie stellt man die Standardsprache ein

Um Probleme mit der Website zu melden, schreiben Sie bitte eine E-Mail auf Englisch an debian-www@lists.debian.org. Rechtschreibfehler in der deutschen Übersetzung senden Sie bitte an debian-l10n-german@lists.debian.org. Weitere Kontaktinformationen finden Sie auf Debians Kontaktseite.