ID: 00850
Ref: 793/05
Date: 29 September 2005:15:19:37
Version: 1
Title: Debian - Four Security Advisories
Abstract:
Vendors affected: Debian
Operating systems affected: Debian
Applications affected: Debian
Title
=====
Debian - Four Security Advisories:
1. Updated zsync i386 packages fix build error [DSA 797-2]
2. New gtkdiskfree packages fix insecure temporary file [DSA 822-1]
3. New util-linux packages fix privilege escalation [DSA 823-1]
4. New ClamAV packages fix denial of service [DSA 824-1]
Detail
======
Security advisory summaries:
1. There was a build error for the sarge i386 proftpd packages released in
DSA 797-1. A new build, zsync_0.3.3-1.sarge.1.2, has been prepared to
correct this error. The packages for other architectures are unaffected.
2. It has been discovered that gtkdiskfree, a GNOME program that shows
free and used space on file systems, creates a temporary file in an
insecure fashion.
3. A bug has been discovered in mount as provided by util-linux and
other packages such as loop-aes-utils that allows local users to
bypass filesystem access restrictions by re-mounting it read-only.
4. Two vulnerabilities have been discovered in Clam AntiVirus, the
antivirus scanner for Unix, designed for integration with mail servers
to perform attachment scanning.
Security advisory content follows:
1.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 797-2                     security@debian.org
http://www.debian.org/security/                              Michael Stone
September 28th, 2005                    http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : zsync
Vulnerability : DOS
Problem-Type : buffer overflow
Debian-specific: no
CVE ID : CAN-2005-1849, CAN-2005-2096
zsync, a file transfer program, includes a modified local copy of
the zlib library, and is vulnerable to certain bugs fixed previously
in the zlib package.
There was a build error for the sarge i386 proftpd packages released in
DSA 797-1. A new build, zsync_0.3.3-1.sarge.1.2, has been prepared to
correct this error. The packages for other architectures are unaffected.
Upgrade Instructions
- - --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- - --------------------------------
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1.2_i386.deb
Size/MD5 checksum: 94516 bb4ff605c6e3b94f23dd0986ca55e450
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQCVAwUBQzs06g0hVr09l8FJAQKrLwQAmPfeT1IBuytJJQr6k8nAVvJMAy1YbOua
vkcng39SHCiTP2HPYRxJCGMRvp3EqTx3QFsuhCBCl+cxDIPk63CNIuUBb+WinYN5
h543O3nmIukK4RSESN51E7WULQ6OTINzBM9xLQrFSI0glyRIefEHw/bsSOvz8Bs0
T5EPNapUs9s=
=dC8D
- -----END PGP SIGNATURE-----
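The upgrade instructions fetch a package with wget and install it with dpkg -i; the "Size/MD5 checksum" line under each URL lets you check the download in between. The Python below is an added example, not part of the Debian advisories: it parses that URL/checksum layout and reports which files in a download directory match. The function names and the constructed sample files under `security.example.invalid` are assumptions; MD5 here only catches corrupted or mismatched downloads, and the signed advisory remains the trust anchor for the listed values.

```python
import hashlib
import os
import re
import tempfile
from urllib.parse import urlparse

# A package URL alone on its line, followed by its "Size/MD5 checksum" line.
URL_RE = re.compile(r"^\s*((?:https?|ftp)://\S+)\s*$")
SUM_RE = re.compile(r"^\s*Size/MD5 checksum:\s+(\d+)\s+([0-9a-fA-F]{32})\s*$")


def parse_manifest(advisory_text):
    """Return {filename: (url, size, md5)} for every URL/checksum pair."""
    manifest = {}
    pending_url = None
    for line in advisory_text.splitlines():
        if not line.strip():
            continue
        url = URL_RE.match(line)
        if url:
            pending_url = url.group(1)
            continue
        chk = SUM_RE.match(line)
        if chk and pending_url:
            name = os.path.basename(urlparse(pending_url).path)
            entry = (pending_url, int(chk.group(1)), chk.group(2).lower())
            # The same file listed twice with different values means the text
            # was damaged or altered; refuse to guess which one is right.
            if name in manifest and manifest[name][1:] != entry[1:]:
                raise ValueError("conflicting checksums for " + name)
            if name:
                manifest[name] = entry
        pending_url = None  # a checksum belongs only to the URL right above it
    return manifest


def verify_file(path, size, md5):
    """Compare one file with its listed size and MD5; size is checked first."""
    if not os.path.isfile(path):
        return "missing"
    if os.path.getsize(path) != size:
        return "size-mismatch"
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5 else "md5-mismatch"


def verify_downloads(advisory_text, directory):
    """Return {filename: status} for each package-like file in directory."""
    manifest = parse_manifest(advisory_text)
    report = {}
    for name in sorted(os.listdir(directory)):
        if not name.endswith((".deb", ".dsc", ".gz")):
            continue
        if name not in manifest:
            report[name] = "unlisted"  # never named by the advisory
            continue
        _, size, md5 = manifest[name]
        report[name] = verify_file(os.path.join(directory, name), size, md5)
    return report


def installable(report):
    """File names that are safe to hand to dpkg -i."""
    return sorted(name for name, status in report.items() if status == "ok")


def demo():
    """Constructed sample: an advisory excerpt and four files on disk."""
    base = "http://security.example.invalid/pool/updates/main/e/example/"
    payload = b"constructed package payload\n"
    listed = ["example_1.0-1_i386.deb", "example-tools_1.0-1_i386.deb",
              "example-doc_1.0-1_all.deb"]
    lines = ["Intel IA-32 architecture:"]
    for name in listed:
        lines.append(base + name)
        lines.append("Size/MD5 checksum: %d %s"
                     % (len(payload), hashlib.md5(payload).hexdigest()))
    on_disk = {
        listed[0]: payload,                # intact
        listed[1]: payload[:-1] + b"!",    # same length, altered content
        listed[2]: payload[:10],           # truncated download
        "stray_0.1_i386.deb": payload,     # not in the advisory at all
    }
    with tempfile.TemporaryDirectory() as workdir:
        for name, data in on_disk.items():
            with open(os.path.join(workdir, name), "wb") as fh:
                fh.write(data)
        return verify_downloads("\n".join(lines), workdir)


if __name__ == "__main__":
    for name, status in demo().items():
        print(status, name)
```

Only the names returned by `installable()` should be passed on to `dpkg -i`.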
2.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 822-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 29th, 2005                    http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : gtkdiskfree
Vulnerability : insecure temporary file creation
Problem type : local
Debian-specific: no
CVE ID : CAN-2005-2918
Eric Romang discovered that gtkdiskfree, a GNOME program that shows
free and used space on filesystems, creates a temporary file in an
insecure fashion.
The old stable distribution (woody) does not contain the gtkdiskfree
package.
For the stable distribution (sarge) this problem has been fixed in
version 1.9.3-4sarge1.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your gtkdiskfree package.
Upgrade Instructions
- - --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1.dsc
Size/MD5 checksum: 621 0bd28c26695d9fccf914ab1e377909b2
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1.diff.gz
Size/MD5 checksum: 16542 ae45c717d4ae1b818444129e16c233cb
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3.orig.tar.gz
Size/MD5 checksum: 255601 66218fc425da0a2c42adfcb9914dd641
Alpha architecture:
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_alpha.deb
Size/MD5 checksum: 98940 1b26a54bae0be826495264be3b7b82e6
AMD64 architecture:
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_amd64.deb
Size/MD5 checksum: 94194 bfb1876fa331f1ae9cb0298c28ffe4c5
ARM architecture:
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_arm.deb
Size/MD5 checksum: 89044 1e857eadbbe706b8e225b2cb01d45490
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_i386.deb
Size/MD5 checksum: 90816 d4acc02866f01c1a8b730f415bdb0336
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_ia64.deb
Size/MD5 checksum: 104408 459cf724e9f5577d4fda6a789c9a90bb
HP Precision architecture:
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_hppa.deb
Size/MD5 checksum: 94946 7e14aaa69a7e846d77c96b84f9c5c025
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_m68k.deb
Size/MD5 checksum: 88688 a9a9de28ad819007aa994944c20e523c
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_mips.deb
Size/MD5 checksum: 90530 7e553dc962f250a16cfe10512c9b458c
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_mipsel.deb
Size/MD5 checksum: 88680 2069bcc94c615cc7b7862469ad7f25eb
PowerPC architecture:
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_powerpc.deb
Size/MD5 checksum: 93076 8b4dc0bedd12247019212ece8466154d
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_s390.deb
Size/MD5 checksum: 94662 ec49c801f4c1637e43324ff161ac58ea
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_sparc.deb
Size/MD5 checksum: 90310 d1bc24a8debc839678181bc842a5b047
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDO5abW5ql+IAeqTIRAvvVAJ9DmUeiigWzSDY1vt8RHKkmDU8qVQCeI1Ii
z0PnEalA+Pw8PySQBvBuN8g=
=Uxx8
- -----END PGP SIGNATURE-----
3.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 823-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 29th, 2005                    http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : util-linux
Vulnerability : privilege escalation
Problem type : local
Debian-specific: no
CVE ID : CAN-2005-2876
Debian Bug : 328141 329063
David Watson discovered a bug in mount as provided by util-linux and
other packages such as loop-aes-utils that allows local users to
bypass filesystem access restrictions by re-mounting it read-only.
For the old stable distribution (woody) this problem has been fixed in
version 2.11n-7woody1.
For the stable distribution (sarge) this problem has been fixed in
version 2.12p-4sarge1.
For the unstable distribution (sid) this problem has been fixed in
version 2.12p-8.
We recommend that you upgrade your loop-aes-utils package.
Upgrade Instructions
- - --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1.dsc
Size/MD5 checksum: 641 fce635015061f5d46813f8592a40d4c6
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1.diff.gz
Size/MD5 checksum: 50075 cf65f5247eb2804b2a50f9194e68cb90
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n.orig.tar.gz
Size/MD5 checksum: 1442534 8abef2ae7e95177f5253ed4535e074c1
Architecture independent components:
http://security.debian.org/pool/updates/main/u/util-linux/util-linux-locales_2.11n-7woody1_all.deb
Size/MD5 checksum: 650386 a4be44b838e54364ddf1f173221744f5
Alpha architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_alpha.deb
Size/MD5 checksum: 42090 47783226e3c34c116eb07b37d1210d1c
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_alpha.deb
Size/MD5 checksum: 125614 5ded5ce9534da343bc1f2d1932b1dad2
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_alpha.deb
Size/MD5 checksum: 389870 25f9bbe360817774d353ff4b0867c1d3
ARM architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_arm.deb
Size/MD5 checksum: 38952 d27109fd1a530f9645abc7a49782d2a3
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_arm.deb
Size/MD5 checksum: 99214 9c97a96648eb0e2de9807ed6ebf28273
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_arm.deb
Size/MD5 checksum: 336014 b0a323657cbac6753dbfb2f8702f97e3
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_i386.deb
Size/MD5 checksum: 39666 6ad1c919266183bc2d9b72900dcacd32
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_i386.deb
Size/MD5 checksum: 99486 7c46ddd1c0344fef3b1bdb73b49479d6
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_i386.deb
Size/MD5 checksum: 330128 d6e5c87bb8e250d6fb25c42ea4bcabd4
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_ia64.deb
Size/MD5 checksum: 44814 ccd30f34220f611839f6af3804994f35
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_ia64.deb
Size/MD5 checksum: 141200 2665d0a3d0c4e4c44379cf72f6da820e
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_ia64.deb
Size/MD5 checksum: 450054 fd182f5abb1f7e5e8e0e7b2c9b7063b8
HP Precision architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_hppa.deb
Size/MD5 checksum: 40848 6ac5aeb7c1f65b14668cf2f25b33dea2
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_hppa.deb
Size/MD5 checksum: 114886 74597c0f5942039cf0adbc3c6b5fa34d
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_hppa.deb
Size/MD5 checksum: 367094 4933cae4c4cb1e01ced24d52f3e9b2b0
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_m68k.deb
Size/MD5 checksum: 39170 62f8cac276d09b134c0a62c42563ab51
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_m68k.deb
Size/MD5 checksum: 96928 51eb3ba6a32e35ee5e7db83eec7436bf
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_m68k.deb
Size/MD5 checksum: 203656 937a79d72ea795195c6b761a5aea7bb6
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_mips.deb
Size/MD5 checksum: 39846 94fa3b3bf56f6d63066603acbbcc3d43
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_mips.deb
Size/MD5 checksum: 112544 8493e3d4ee5ac8037a51f30baf2e197b
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_mips.deb
Size/MD5 checksum: 348288 d1f62cda038b511e5df00f7850fecd94
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_mipsel.deb
Size/MD5 checksum: 39706 508586755e53ed64c3aa32455b0f0b6c
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_mipsel.deb
Size/MD5 checksum: 112684 2e7fd13c29633ce39676f63932b0fc8d
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_mipsel.deb
Size/MD5 checksum: 347824 c6244afdec75eb663065aa13fa7bdeda
PowerPC architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_powerpc.deb
Size/MD5 checksum: 39288 96bec0efd657e08892a27c10e2aeb33f
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_powerpc.deb
Size/MD5 checksum: 102562 2a5d7040ab0372bdfbeeacabcd3f6b8b
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_powerpc.deb
Size/MD5 checksum: 339450 0046286fb461e613f10e51f29980abb3
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_s390.deb
Size/MD5 checksum: 40426 b8bbe428e0dcab555753d427112afab6
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_s390.deb
Size/MD5 checksum: 106674 62cf3121f0096637cfad9f0b6f42c750
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_s390.deb
Size/MD5 checksum: 190018 9130482d45c4d70d75729c75fce92daa
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_sparc.deb
Size/MD5 checksum: 46030 8ff343a6e95a5b3f1894b849c328da2e
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_sparc.deb
Size/MD5 checksum: 113674 744e3c6ebe8ce757f9f8fe6947a9db4a
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_sparc.deb
Size/MD5 checksum: 273234 bb59545a02d0b7570fb34a4fd12b2c68
Debian GNU/Linux 3.1 alias sarge
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1.dsc
Size/MD5 checksum: 712 9341316ba59e695a6bc89cd9ecda5f65
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1.diff.gz
Size/MD5 checksum: 73184 777c64bed4a63496ec05456ccf234bcd
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p.orig.tar.gz
Size/MD5 checksum: 2001658 d47e820f6880c21c8b4c0c7e8a7376cc
Architecture independent components:
http://security.debian.org/pool/updates/main/u/util-linux/util-linux-locales_2.12p-4sarge1_all.deb
Size/MD5 checksum: 1078722 5f5e4513c74e6cb5262b4ac976881eb0
Alpha architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_alpha.deb
Size/MD5 checksum: 68950 bb19eb9abe0bc1277e3dd2313b8f4153
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_alpha.deb
Size/MD5 checksum: 159648 f1636230b6f4523f80edc78aa57ba2aa
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_alpha.deb
Size/MD5 checksum: 439592 cdaad3d4d275315f03bd304c9d414faf
AMD64 architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_amd64.deb
Size/MD5 checksum: 67222 26b68625dda4c3736124a14543347ebd
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_amd64.deb
Size/MD5 checksum: 146038 b8f5b355beb87bc3637861fc526c6d85
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_amd64.deb
Size/MD5 checksum: 400974 361df6632f69bac77bf290f5ab9a0f71
ARM architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_arm.deb
Size/MD5 checksum: 65290 4efd973f621a30865f70cfcbb70473df
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_arm.deb
Size/MD5 checksum: 136262 018f40934ba15fb5e20a0c625f8eb9b9
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_arm.deb
Size/MD5 checksum: 386952 cdb739cf88a719d3f74b2519f7ed8abc
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_i386.deb
Size/MD5 checksum: 65606 8339484e18bf9d4e491c73bc2a9b6a76
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_i386.deb
Size/MD5 checksum: 139460 544996c905c84f9cdaef5bc4d0eefb10
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_i386.deb
Size/MD5 checksum: 378306 93e989d714a489a8d5ddee64b33c6e90
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_ia64.deb
Size/MD5 checksum: 71536 a088766c3e795b062a612dc6d72a5c70
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_ia64.deb
Size/MD5 checksum: 173796 5b3790cc40b6e8d1663d6deef0ccab1c
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_ia64.deb
Size/MD5 checksum: 507240 c5145ec21236d9070a7a6336a980a89e
HP Precision architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_hppa.deb
Size/MD5 checksum: 67900 20a19565eb92558559c0adf23c4c2d0f
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_hppa.deb
Size/MD5 checksum: 149158 29252ec2808c4d83e2479a33f11ae1a8
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_hppa.deb
Size/MD5 checksum: 423080 322a7f09ca9f9a237413dc773569c012
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_m68k.deb
Size/MD5 checksum: 65550 7596fb004730584bffca201e249ab649
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_m68k.deb
Size/MD5 checksum: 129726 6feecfc0d82581bc412ee9a438e1a29e
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_m68k.deb
Size/MD5 checksum: 242620 60cccf944698d0a8745374e235289604
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_mips.deb
Size/MD5 checksum: 71096 027aa05d9700dd5af662b781dcd9775b
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_mips.deb
Size/MD5 checksum: 149458 eeaf4aa326ae1b7564b2dda793734068
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_mips.deb
Size/MD5 checksum: 453900 69552406024cc032c557c524e783582f
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_mipsel.deb
Size/MD5 checksum: 71010 2326040662acc0699d767bae3bebd39f
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_mipsel.deb
Size/MD5 checksum: 150020 1e48ae6712dce580678651ec91663e8b
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_mipsel.deb
Size/MD5 checksum: 453972 e533c8ac5d80dbe2b7c70daf18085af7
PowerPC architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_powerpc.deb
Size/MD5 checksum: 65978 05e9556e5750e669bec851420ab8f33f
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_powerpc.deb
Size/MD5 checksum: 147196 41bf9664a9d41b42feb3ecad65d301ed
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_powerpc.deb
Size/MD5 checksum: 406370 1c2d8185c20990c83c17167520a069a5
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_s390.deb
Size/MD5 checksum: 67110 6e0c2effc303c52f8ee6af6c2000d474
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_s390.deb
Size/MD5 checksum: 145748 11b35f1e0d8195a764ce017c2b1dc219
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_s390.deb
Size/MD5 checksum: 379132 b389239d7f14c30cd020254975ae9b7e
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_sparc.deb
Size/MD5 checksum: 65416 57c00592da329cec3c1ebdc1630a671f
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_sparc.deb
Size/MD5 checksum: 138136 12581a557519b123e3177e37877e2b0f
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_sparc.deb
Size/MD5 checksum: 274442 5f93b33ea1f6372e244c3c8dcc95a062
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDO5m0W5ql+IAeqTIRAkQJAJ9997RfpHBmsBwC/ywZTXTWE90PegCghMJH
Ky+REN/gU3d8WH435DPPhLk=
=eDV/
- -----END PGP SIGNATURE-----
4.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 824-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 29th, 2005                    http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : clamav
Vulnerability : infinite loop, buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2919 CAN-2005-2920
Debian Bug : 328660
Two vulnerabilities have been discovered in Clam AntiVirus, the
antivirus scanner for Unix, designed for integration with mail servers
to perform attachment scanning. The following problems were
identified:
CAN-2005-2919

    A potentially infinite loop could lead to a denial of service.

CAN-2005-2920

    A buffer overflow could lead to a denial of service.
The old stable distribution (woody) does not contain ClamAV packages.
For the stable distribution (sarge) these problems have been fixed in
version 0.84-2.sarge.4.
For the unstable distribution (sid) these problems have been fixed in
version 0.87-1.
We recommend that you upgrade your clamav package.
Upgrade Instructions
- - --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4.dsc
Size/MD5 checksum: 872 1a1aaa3318ae10c6806f582588e307bb
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4.diff.gz
Size/MD5 checksum: 175215 e44e7c828b916a87c94985cf8eae3d13
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
Size/MD5 checksum: 4006624 c43213da01d510faf117daa9a4d5326c
Architecture independent components:
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.4_all.deb
Size/MD5 checksum: 154302 764277db36650876f13658e2e5f0751b
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.4_all.deb
Size/MD5 checksum: 689924 e5aba73a0a6f949f7ddf2e6efa6b0aeb
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.4_all.deb
Size/MD5 checksum: 123298 5792bbcedba7c7b19b118976c23d7dff
Alpha architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_alpha.deb
Size/MD5 checksum: 74672 e6725d68591dd710cce840b8020647c9
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_alpha.deb
Size/MD5 checksum: 48792 ab341735b610360d211d93aae21f8c04
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_alpha.deb
Size/MD5 checksum: 2176364 57135c04ea09bb8571e1fcb31db492e0
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_alpha.deb
Size/MD5 checksum: 42112 d9881a7457c16df6c279e3de6715a8c1
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_alpha.deb
Size/MD5 checksum: 254516 d8dff4ba494bb9dcfa1a2be51c0b3a8c
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_alpha.deb
Size/MD5 checksum: 283868 4cf4e2c9a673c679af6d53cd19fd86e2
AMD64 architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_amd64.deb
Size/MD5 checksum: 68858 e1cf55557564afe9eb85b8028ed95576
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_amd64.deb
Size/MD5 checksum: 44188 f043d16b9b1fa8755fb27b97b24bfa6c
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_amd64.deb
Size/MD5 checksum: 2173194 9c1766d7351dea3e1c6529b77c03e3e4
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_amd64.deb
Size/MD5 checksum: 40006 2407a0b2ca24d6bf745c2bd9c509a7e8
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_amd64.deb
Size/MD5 checksum: 175354 2fb4df2228763488f9fbb5b6ae52d38e
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_amd64.deb
Size/MD5 checksum: 257910 ce9eef9c38187a70582528ef6a99f9e6
ARM architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_arm.deb
Size/MD5 checksum: 63824 d6cb239e323084cfc6b5a30f36a52c01
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_arm.deb
Size/MD5 checksum: 39520 76997f2c09141dfc517570f0c0f77598
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_arm.deb
Size/MD5 checksum: 2171212 6b64588c64a58e275b226a8289cbffd3
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_arm.deb
Size/MD5 checksum: 37304 8f29746edb67c02477b662b473ac4234
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_arm.deb
Size/MD5 checksum: 173526 02a315f3ad72931252a2fcfaf7682561
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_arm.deb
Size/MD5 checksum: 248328 7de5f21da6ebd76b9e6bce64b1935df9
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_i386.deb
Size/MD5 checksum: 65124 f53eadb97b80d0b2f7c8a8f6d15c7fcc
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_i386.deb
Size/MD5 checksum: 40194 11affc953259da108bb6ac9015703c9a
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_i386.deb
Size/MD5 checksum: 2171518 136c46a06385fbb5e8d896d642bc0f05
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_i386.deb
Size/MD5 checksum: 38030 ef402381cb175820ea4b0c01d2974b54
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_i386.deb
Size/MD5 checksum: 158546 89741c1bf059281f1ca2aa0dd7f40861
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_i386.deb
Size/MD5 checksum: 252594 60e13cb2197362fbda1d8d122b841cfe
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_ia64.deb
Size/MD5 checksum: 81706 8267ad55e4b5b58bf80911973a635e02
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_ia64.deb
Size/MD5 checksum: 55102 f90bc4bac2fed23429feecdbe92fb850
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_ia64.deb
Size/MD5 checksum: 2180084 0200268cac161cc694f2eb87e050521a
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_ia64.deb
Size/MD5 checksum: 49208 f143c1c98036aa4d404c8c9c9b533e33
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_ia64.deb
Size/MD5 checksum: 250412 12a7b80cc296d1825ff40c297f7b2592
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_ia64.deb
Size/MD5 checksum: 315812 a8e46a8c22ab740d51b80da4edcbde8d
HP Precision architecture:
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_hppa.deb
Size/MD5 checksum: 68182 9b08058ca6bdfc769a091c7c89a7ce64
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDO9c1W5ql+IAeqTIRAngGAJ0e0cAiQPXIm9Vi0Rp0cSYc8kRQEgCdG8vt
1IRu7XWrqRONnuYZ/JQkEIU=
=zeaO
- -----END PGP SIGNATURE-----