Linux Today: Linux News On Internet Time.







Advisories, April 10, 2006

Apr 11, 2006, 03:45

Debian GNU/Linux


Debian Security Advisory DSA 946-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 8th, 2006 http://www.debian.org/security/faq


Package : sudo
Vulnerability : missing input sanitising
Problem type : local
Debian-specific: no
CVE IDs : CVE-2005-4158 CVE-2006-0151
Debian Bug : 342948

The former correction to vulnerabilities in the sudo package worked fine but was too strict for some environments. Therefore we have reviewed the changes again and allowed some environment variables to go back into the privileged execution environment. Hence, this update.

The configuration option "env_reset" is now activated by default. It will preserve only the environment variables HOME, LOGNAME, PATH, SHELL, TERM, DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER in addition to the separate SUDO_* variables.

For completeness please find below the original advisory text:

It has been discovered that sudo, a privileged program that provides limited super user privileges to specific users, passes several environment variables to the program that runs with elevated privileges. In the case of include paths (e.g. for Perl, Python, Ruby or other scripting languages) this can cause arbitrary code to be executed as a privileged user if the attacker points to a manipulated version of a system library.

This update alters the former behaviour of sudo and limits the number of supported environment variables to LC_*, LANG, LANGUAGE and TERM. Additional variables are only passed through when set as env_check in /etc/sudoers, which might be required for some scripts to continue to work.
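The two allow-lists quoted above can be modelled to see which variables a script run through sudo would lose. This is an added example, not sudo's code and not part of the advisory; `SAMPLE_ENV` is constructed, and the `extra` parameter is a hypothetical stand-in for names an administrator lists in /etc/sudoers.

```python
from fnmatch import fnmatchcase

# Allow-list quoted in the original advisory text (first sudo update).
STRICT_LIST = ("LC_*", "LANG", "LANGUAGE", "TERM")

# Allow-list quoted for this update (env_reset on by default), plus SUDO_*.
ENV_RESET_LIST = (
    "HOME", "LOGNAME", "PATH", "SHELL", "TERM", "DISPLAY", "XAUTHORITY",
    "XAUTHORIZATION", "LANG", "LANGUAGE", "LC_*", "USER", "SUDO_*",
)

# Constructed sample environment of an invoking user (not from the advisory).
SAMPLE_ENV = {
    "HOME": "/home/alice", "USER": "alice", "LOGNAME": "alice",
    "PATH": "/usr/local/bin:/usr/bin:/bin", "SHELL": "/bin/bash",
    "TERM": "xterm", "LANG": "en_US.UTF-8", "LC_ALL": "C",
    "DISPLAY": ":0", "XAUTHORITY": "/home/alice/.Xauthority",
    # Interpreter include paths: the class of variable the advisory is about.
    "PERL5LIB": "/home/alice/perl5", "PYTHONPATH": "/home/alice/py",
    "RUBYLIB": "/home/alice/ruby",
    # A variable some scripts rely on that is on neither list.
    "http_proxy": "http://proxy.example:3128",
}


def is_allowed(name, patterns):
    """True if the variable name matches an entry; LC_* style globs allowed.

    Matching is case-sensitive, as environment variable names are.
    """
    return any(fnmatchcase(name, pattern) for pattern in patterns)


def filter_env(env, patterns, extra=()):
    """Split env into (kept dict, sorted list of dropped names).

    `extra` models additional names the administrator allowed in
    /etc/sudoers (an assumption of this example, see the lead-in).
    """
    allowed = tuple(patterns) + tuple(extra)
    kept = {k: v for k, v in env.items() if is_allowed(k, allowed)}
    dropped = sorted(k for k in env if k not in kept)
    return kept, dropped


def regained(env):
    """Names the first update dropped and this update lets through again."""
    strict, _ = filter_env(env, STRICT_LIST)
    relaxed, _ = filter_env(env, ENV_RESET_LIST)
    return sorted(set(relaxed) - set(strict))


if __name__ == "__main__":
    kept, dropped = filter_env(SAMPLE_ENV, ENV_RESET_LIST)
    print("kept:    ", ", ".join(sorted(kept)))
    print("dropped: ", ", ".join(dropped))
    print("regained:", ", ".join(regained(SAMPLE_ENV)))
```

Running the same check against the environment of a service account shows in advance which scripts need an explicit sudoers entry after the upgrade.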

For the old stable distribution (woody) this problem has been fixed in version 1.6.6-1.6.

For the stable distribution (sarge) this problem has been fixed in version 1.6.8p7-1.4.

For the unstable distribution (sid) the same behaviour will be implemented soon.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6.dsc
      Size/MD5 checksum: 589 fda4d1382149f25cfebf1699db73c2aa
    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6.diff.gz
      Size/MD5 checksum: 14121 396faaedb67ff76a247a6946cae23d51
    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6.orig.tar.gz
      Size/MD5 checksum: 333074 4da4bf6cf31634cc7a17ec3b69fdc333

Alpha architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_alpha.deb
      Size/MD5 checksum: 152548 bbf4346a6956e646b5dd0c73059bb97c

ARM architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_arm.deb
      Size/MD5 checksum: 142328 3f58b32ce7cb6334c391e53da32e6fcd

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_i386.deb
      Size/MD5 checksum: 135988 90c493e545de6fb4e69041ff3adb5e64

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_ia64.deb
      Size/MD5 checksum: 173384 8db6ba716e87235971e32e87d03f2c40

HP Precision architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_hppa.deb
      Size/MD5 checksum: 148504 87976f60402cac2cee6e7d58f7dd63c8

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_m68k.deb
      Size/MD5 checksum: 133596 fe52aae580b7b0bc3ff9ac36012cede0

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_mips.deb
      Size/MD5 checksum: 145228 933f52b4795e5acd1d69a10d569165b5

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_mipsel.deb
      Size/MD5 checksum: 145094 a4d7a6bdb7f26c1f29494a11ccf97a74

PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_powerpc.deb
      Size/MD5 checksum: 141508 fd135af083103859e484e52119464662

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_s390.deb
      Size/MD5 checksum: 141078 2b5d766cce3ca1b94539d4965e97c01b

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_sparc.deb
      Size/MD5 checksum: 143808 39b46d2ca3289c4f2bd7d0228fc4eef7

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4.dsc
      Size/MD5 checksum: 573 40676c986431100eef088b1f3b3c1e03
    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4.diff.gz
      Size/MD5 checksum: 21602 6cf5325a202a70e62c2a662e9de3d6c5
    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7.orig.tar.gz
      Size/MD5 checksum: 585302 ad65d24f20c736597360d242515e412c

Alpha architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_alpha.deb
      Size/MD5 checksum: 177688 64d7d8eb1188d58f197e121c55ce9ca0

AMD64 architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_amd64.deb
      Size/MD5 checksum: 171058 6870002928d01d45e0a5287cc2017a70

ARM architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_arm.deb
      Size/MD5 checksum: 164372 31031e0fc73dd4a1a6cc57a44b514f88

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_i386.deb
      Size/MD5 checksum: 160676 9eda34ab034ad6ab65e4f3ea1876015e

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_ia64.deb
      Size/MD5 checksum: 195934 1df26a3372ea03ac840a40266fbf48d6

HP Precision architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_hppa.deb
      Size/MD5 checksum: 171542 8e0ad3c6f597e27169864daf90eccb16

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_m68k.deb
      Size/MD5 checksum: 155874 900bed288f532882a0cccb798f871d77

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_mips.deb
      Size/MD5 checksum: 169346 0f2094e3a4c51c83e9975b57a48b15a2

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_mipsel.deb
      Size/MD5 checksum: 169392 6be4e3681b8dc4ddc9777ed1f186285f

PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_powerpc.deb
      Size/MD5 checksum: 166290 76386481e58f6cfcd53c394877792950

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_s390.deb
      Size/MD5 checksum: 169100 bab22d31f43acc189ec97458f5047133

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_sparc.deb
      Size/MD5 checksum: 163168 e0cdf1a6ed38504a0b31904aa7c654cc

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1028-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
March 7th, 2006 http://www.debian.org/security/faq


Package : libimager-perl
Vulnerability : programming error
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2006-0053
Debian Bug : 359661

Kjetil Kjernsmo discovered a bug in libimager-perl, a Perl extension for generating 24 bit images, which can lead to a segmentation fault if it operates on 4-channel JPEG images.

The old stable distribution (woody) does not contain this package.

For the stable distribution (sarge) this problem has been fixed in version perl_0.44-1sarge1.

For the unstable distribution (sid) this problem has been fixed in version 5.0-1.

We recommend that you upgrade your libimager-perl package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1.dsc
      Size/MD5 checksum: 761 c95db45742a6373bdb2807bf33073141
    http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1.diff.gz
      Size/MD5 checksum: 2786 7ae8aa675c1b894683bc15ac971c7db8
    http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44.orig.tar.gz
      Size/MD5 checksum: 586239 0e4f53fb78473f5f8b554b112b92002d

Alpha architecture:

    http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_alpha.deb
      Size/MD5 checksum: 488534 b03dd9d48a959751e6bef2be85d8106e

AMD64 architecture:

    http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_amd64.deb
      Size/MD5 checksum: 453446 bb3d5d11df1d19b60c4fe0eb6f9f0d36

ARM architecture:

    http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_arm.deb
      Size/MD5 checksum: 433266 c5cac7115dcd93dae4a1d89aa0e9e12f

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_i386.deb
      Size/MD5 checksum: 452614 26b7ae6ddb8723d1888c8bfafff578ba

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_ia64.deb
      Size/MD5 checksum: 543750 b20b3a53fbfa8e32777be00d1c8b47f5

HP Precision architecture:

    http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_hppa.deb
      Size/MD5 checksum: 469220 1bd6e89a2688a354593558f50e23f70b

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_m68k.deb
      Size/MD5 checksum: 432016 5eb3bcd77dcf6362ae8eb5e6c34b2c2e

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_mips.deb
      Size/MD5 checksum: 411872 eaf737ff5311c8116c029e1f1dc8028c

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_mipsel.deb
      Size/MD5 checksum: 412756 54a745933c063daf82903acdfd4c46c1

PowerPC architecture:

    http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_powerpc.deb
      Size/MD5 checksum: 462190 1e5d3f5da630a2d89ae3b5cf6181da70

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_s390.deb
      Size/MD5 checksum: 413442 619a0da3c90ab1b989a50b0ebe0cf83c

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_sparc.deb
      Size/MD5 checksum: 449508 d716b3120c2747e3f81a41e88afe1ef4

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1029-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 8th, 2006 http://www.debian.org/security/faq


Package : libphp-adodb
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-0146 CVE-2006-0147 CVE-2006-0410 CVE-2006-0806
BugTraq IDs : 16187 16364 16720
Debian Bugs : 349985 358872

Several vulnerabilities have been discovered in libphp-adodb, the 'adodb' database abstraction layer for PHP. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-0146

Andreas Sandblad discovered that improper user input sanitisation results in a potential remote SQL injection vulnerability enabling an attacker to compromise applications, access or modify data, or exploit vulnerabilities in the underlying database implementation. This requires the MySQL root password to be empty. It is fixed by limiting access to the script in question.

CVE-2006-0147

A dynamic code evaluation vulnerability allows remote attackers to execute arbitrary PHP functions via the 'do' parameter.

CVE-2006-0410

Andy Staudacher discovered an SQL injection vulnerability due to insufficient input sanitising that allows remote attackers to execute arbitrary SQL commands.

CVE-2006-0806

GulfTech Security Research discovered multiple cross-site scripting vulnerabilities due to improper user-supplied input sanitisation. Attackers can exploit these vulnerabilities to cause arbitrary scripts to be executed in the browser of an unsuspecting user's machine, or result in the theft of cookie-based authentication credentials.

For the old stable distribution (woody) these problems have been fixed in version 1.51-1.2.

For the stable distribution (sarge) these problems have been fixed in version 4.52-1sarge1.

For the unstable distribution (sid) these problems have been fixed in version 4.72-0.1.

We recommend that you upgrade your libphp-adodb package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

    http://security.debian.org/pool/updates/main/libp/libphp-adodb/libphp-adodb_1.51-1.2.dsc
      Size/MD5 checksum: 548 3d374bc44425b7ba258eb8129d02349c
    http://security.debian.org/pool/updates/main/libp/libphp-adodb/libphp-adodb_1.51-1.2.diff.gz
      Size/MD5 checksum: 2404 9e579561939b10fda54f313294407007
    http://security.debian.org/pool/updates/main/libp/libphp-adodb/libphp-adodb_1.51.orig.tar.gz
      Size/MD5 checksum: 104759 37c041d0c73b3aa4aa7e1800f9fcd4ff

Architecture independent components:

    http://security.debian.org/pool/updates/main/libp/libphp-adodb/libphp-adodb_1.51-1.2_all.deb
      Size/MD5 checksum: 104364 e241aeaab484de2b786ac639252f71ca

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/libp/libphp-adodb/libphp-adodb_4.52-1sarge1.dsc
      Size/MD5 checksum: 608 d4cc684374fcd789138f695142ef6042
    http://security.debian.org/pool/updates/main/libp/libphp-adodb/libphp-adodb_4.52-1sarge1.diff.gz
      Size/MD5 checksum: 7746 a8e033f1770717a8990ed498f477dc21
    http://security.debian.org/pool/updates/main/libp/libphp-adodb/libphp-adodb_4.52.orig.tar.gz
      Size/MD5 checksum: 375443 427ff438939924b32d538eeca4b73743

Architecture independent components:

    http://security.debian.org/pool/updates/main/libp/libphp-adodb/libphp-adodb_4.52-1sarge1_all.deb
      Size/MD5 checksum: 349856 0ad35b7081f80aa31e44ff6f1473d960

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1030-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 8th, 2006 http://www.debian.org/security/faq


Package : moodle
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-0146 CVE-2006-0147 CVE-2006-0410 CVE-2006-0806
BugTraq IDs : 16187 16364 16720
Debian Bugs : 349985 358872

Several vulnerabilities have been discovered in libphp-adodb, the 'adodb' database abstraction layer for PHP, which is embedded in moodle, a course management system for online learning. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-0146

Andreas Sandblad discovered that improper user input sanitisation results in a potential remote SQL injection vulnerability enabling an attacker to compromise applications, access or modify data, or exploit vulnerabilities in the underlying database implementation. This requires the MySQL root password to be empty. It is fixed by limiting access to the script in question.

CVE-2006-0147

A dynamic code evaluation vulnerability allows remote attackers to execute arbitrary PHP functions via the 'do' parameter.

CVE-2006-0410

Andy Staudacher discovered an SQL injection vulnerability due to insufficient input sanitising that allows remote attackers to execute arbitrary SQL commands.

CVE-2006-0806

GulfTech Security Research discovered multiple cross-site scripting vulnerabilities due to improper user-supplied input sanitisation. Attackers can exploit these vulnerabilities to cause arbitrary scripts to be executed in the browser of an unsuspecting user's machine, or result in the theft of cookie-based authentication credentials.

The old stable distribution (woody) does not contain moodle packages.

For the stable distribution (sarge) these problems have been fixed in version 1.4.4.dfsg.1-3sarge1.

For the unstable distribution these problems will be fixed soon.

We recommend that you upgrade your moodle package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/m/moodle/moodle_1.4.4.dfsg.1-3sarge1.dsc
      Size/MD5 checksum: 616 5d572ce0e8c11034e62fd3a20b0f9d67
    http://security.debian.org/pool/updates/main/m/moodle/moodle_1.4.4.dfsg.1-3sarge1.diff.gz
      Size/MD5 checksum: 12159 2868972a9a5b94eb9d8a2575e7fc4937
    http://security.debian.org/pool/updates/main/m/moodle/moodle_1.4.4.dfsg.1.orig.tar.gz
      Size/MD5 checksum: 9717561 50f0618c0711a7eed3725fea0dd45109

Architecture independent components:

    http://security.debian.org/pool/updates/main/m/moodle/moodle_1.4.4.dfsg.1-3sarge1_all.deb
      Size/MD5 checksum: 9161960 caabcd722dd1a202e95d1bae8c751bf4

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1031-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 8th, 2006 http://www.debian.org/security/faq


Package : cacti
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-0146 CVE-2006-0147 CVE-2006-0410 CVE-2006-0806
BugTraq IDs : 16187 16364 16720
Debian Bugs : 349985 358872

Several vulnerabilities have been discovered in libphp-adodb, the 'adodb' database abstraction layer for PHP, which is embedded in cacti, a frontend to rrdtool for monitoring systems and services. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-0146

Andreas Sandblad discovered that improper user input sanitisation results in a potential remote SQL injection vulnerability enabling an attacker to compromise applications, access or modify data, or exploit vulnerabilities in the underlying database implementation. This requires the MySQL root password to be empty. It is fixed by limiting access to the script in question.

CVE-2006-0147

A dynamic code evaluation vulnerability allows remote attackers to execute arbitrary PHP functions via the 'do' parameter.

CVE-2006-0410

Andy Staudacher discovered an SQL injection vulnerability due to insufficient input sanitising that allows remote attackers to execute arbitrary SQL commands.

CVE-2006-0806

GulfTech Security Research discovered multiple cross-site scripting vulnerabilities due to improper user-supplied input sanitisation. Attackers can exploit these vulnerabilities to cause arbitrary scripts to be executed in the browser of an unsuspecting user's machine, or result in the theft of cookie-based authentication credentials.

The old stable distribution (woody) is not affected by these problems.

For the stable distribution (sarge) these problems have been fixed in version 0.8.6c-7sarge3.

For the unstable distribution these problems will be fixed soon.

We recommend that you upgrade your cacti package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge3.dsc
      Size/MD5 checksum: 597 9ad5bc63bba985893a14044dd5b37592
    http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge3.diff.gz
      Size/MD5 checksum: 43881 b9c59a54f46b820480f4ee4fb7402074
    http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c.orig.tar.gz
      Size/MD5 checksum: 1046586 b4130300f671e773ebea3b8f715912c1

Architecture independent components:

    http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge3_all.deb
      Size/MD5 checksum: 1058818 afe7c7131aacf8eaaaee0a3c39933834

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200604-06

http://security.gentoo.org/


Severity: High
Title: ClamAV: Multiple vulnerabilities
Date: April 07, 2006
Bugs: #128963
ID: 200604-06


Synopsis

ClamAV contains multiple vulnerabilities that could lead to remote execution of arbitrary code or cause an application crash.

Background

ClamAV is a GPL virus scanner.

Affected packages


     Package               /  Vulnerable  /                 Unaffected

  1  app-antivirus/clamav      < 0.88.1                      >= 0.88.1

Description

ClamAV contains format string vulnerabilities in the logging code (CVE-2006-1615). Furthermore Damian Put discovered an integer overflow in ClamAV's PE header parser (CVE-2006-1614) and David Luyer discovered that ClamAV can be tricked into performing an invalid memory access (CVE-2006-1630).

Impact

By sending a malicious attachment to a mail server running ClamAV, a remote attacker could cause a Denial of Service or the execution of arbitrary code. Note that the overflow in the PE header parser is only exploitable when the ArchiveMaxFileSize option is disabled.

Workaround

There is no known workaround at this time.

Resolution

All ClamAV users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.1"

References

[ 1 ] CVE-2006-1614

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1614

[ 2 ] CVE-2006-1615

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1615

[ 3 ] CVE-2006-1630

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1630

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200604-06.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:067
http://www.mandriva.com/security/


Package : clamav
Date : April 7, 2006
Affected: 10.2, 2006.0, Corporate 3.0


Problem Description:

Damian Put discovered an integer overflow in the PE header parser in ClamAV that could be exploited if the ArchiveMaxFileSize option was disabled (CVE-2006-1614).

Format strings in the logging code could possibly lead to the execution of arbitrary code (CVE-2006-1615).

David Luyer found that ClamAV could be tricked into an invalid memory access in the cli_bitset_set() function, which could lead to a Denial of Service (CVE-2006-1630).

This update provides ClamAV 0.88.1 which corrects this issue and also fixes some other bugs.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1630


Updated Packages:



To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:068
http://www.mandriva.com/security/


Package : mplayer
Date : April 7, 2006
Affected: 2006.0, Corporate 3.0


Problem Description:

Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c.

The updated packages have been patched to prevent this problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1502


Updated Packages:



To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>