[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:47478] [Translate] [SECURITY] [DSA 1196-1] New clamav packages fix arbitrary code execution



かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。

------>8------------>8------------>8------------>8------------>8-
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1196-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
October 19th, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : clamav
Vulnerability  : 複数
Problem-Type   : リモート
Debian-specific: いいえ
CVE ID         : CVE-2006-4182 CVE-2006-5295

ClamAV マルウェアスキャンエンジンに、任意コード実行の可能性に繋がる複数の
リモートから攻撃可能な問題が発見されました。The Common Vulnerabilities
and Exposures project では以下の問題を認識しています。

CVE-2006-4182

    Damian Put さんにより、PE ファイルをリビルドするスクリプトにヒープオ
    ーバフローが発見されました。この欠陥は任意コード実行に繋がる可能性が
    あります。

CVE-2006-5295

    Damian Putさんにより、CHM 処理コードに入力のサニタイズが抜けているた
    め、サービス拒否攻撃の可能性があることが発見されました。


安定版  (stable) ディストリビューション (sarge) では、これらの問題はバージ
ョン 0.84-2.sarge.11 で修正されています。技術的問題により、sparc アーキテ
クチャ向けの更新はまだ提供されていませんが、近く提供の予定です。

不安定版 (unstable) ディストリビューション (sid) では、これらの問題はバー
ジョン 0.88.5-1 で修正されています。

直ぐに clamav パッケージをアップグレードすることを勧めます。


アップグレード手順
------------------

wget url
        	でファイルを取得できます。
dpkg -i file.deb
                で参照されたファイルをインストールできます。

apt-get パッケージマネージャを用いている場合には、本メールのフッタ記載の
行を sources.list に加えて、

apt-get update
        を実行して内部データベースを更新し、
apt-get upgrade
        によって修正されたパッケージをインストールしてください。

本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。



Debian GNU/Linux 3.1 愛称 sarge
- --------------------------------

  ソースアーカイブ:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11.dsc
      Size/MD5 checksum:      874 28ac6ad45d008a1a40f1043ce208f7e9
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11.diff.gz
      Size/MD5 checksum:   176562 4b0c191cf10e3184baee4004c7992b09
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
      Size/MD5 checksum:  4006624 c43213da01d510faf117daa9a4d5326c

  Architecture independent components:

    http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.11_all.deb
      Size/MD5 checksum:   154890 32b1629d649ed6168dd411e0458cca08
    http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.11_all.deb
      Size/MD5 checksum:   694414 e8160f6502023138511d613240ff8a7a
    http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.11_all.deb
      Size/MD5 checksum:   123884 82b26302a2c4697b7d58825dd64149c3

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_alpha.deb
      Size/MD5 checksum:    74768 39a1eb656cb857019708e6a9f13e6670
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_alpha.deb
      Size/MD5 checksum:    48830 de988902ce6b7a56b0f72daa6e113614
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_alpha.deb
      Size/MD5 checksum:  2176452 e16e6c071d0233820855fb4777b90a7d
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_alpha.deb
      Size/MD5 checksum:    42120 fa4bd16b77814caf48f9c32e5ebf10f4
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_alpha.deb
      Size/MD5 checksum:   255774 19ff1809f543ca8aadb819be4b879f44
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_alpha.deb
      Size/MD5 checksum:   285586 e33630652b74d4a2ddb1c936daf4a7ec

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_amd64.deb
      Size/MD5 checksum:    68850 03fd7d2e437ef1d337236884289f9cfd
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_amd64.deb
      Size/MD5 checksum:    44186 3b44c71024838a3d9e367807fe8664dd
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_amd64.deb
      Size/MD5 checksum:  2173268 f41d15ff5a51f3aa601d8bc1f5ddad6a
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_amd64.deb
      Size/MD5 checksum:    39988 3ae59e939bb67cb743c655089d7c66a7
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_amd64.deb
      Size/MD5 checksum:   176496 bb458a66c0422f2c567e0f5bc0db6fc0
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_amd64.deb
      Size/MD5 checksum:   259796 ace9bd92aec68b79785d812112df3b8c

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_arm.deb
      Size/MD5 checksum:    63924 13852fbd45ab407a4d12529d3c9af7d1
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_arm.deb
      Size/MD5 checksum:    39600 c11f5ed1c7d9867e2d3c8feebffeafc7
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_arm.deb
      Size/MD5 checksum:  2171292 a28d43cf47bbf88d6eb750eb32b318ee
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_arm.deb
      Size/MD5 checksum:    37314 c12fda2e2e2d6d35ca7b7907e8276cd6
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_arm.deb
      Size/MD5 checksum:   174878 4685182160e39404d8f15fe249b64a5e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_arm.deb
      Size/MD5 checksum:   249784 0f7eeccd53136dcd6bb78ea6020e73b0

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_hppa.deb
      Size/MD5 checksum:    68278 35e8f30df61e0c77fd22b8c02e2f6ebb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_hppa.deb
      Size/MD5 checksum:    43282 c0d8fe7883d6d4aff3824549bb221e89
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_hppa.deb
      Size/MD5 checksum:  2173730 4b003090224b6fedf73abd38a1a32eb2
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_hppa.deb
      Size/MD5 checksum:    39456 33b5e0dbc1dc6aff76b0b5f4164b8256
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_hppa.deb
      Size/MD5 checksum:   202698 75ddd21a939d57b35a0f2256bf0d99f7
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_hppa.deb
      Size/MD5 checksum:   283454 82057fdf8dca950c4dd3a72b5b6f811a

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_i386.deb
      Size/MD5 checksum:    65200 a945220bc5697dece23aafc00fed3d5f
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_i386.deb
      Size/MD5 checksum:    40308 60923ec7ee8c7b86881f4e5389cf43cb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_i386.deb
      Size/MD5 checksum:  2171624 59374c11897bcaf9f3dc7c71bcb6fa56
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_i386.deb
      Size/MD5 checksum:    38038 05b67aee86f2c60105806ad74d77e32d
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_i386.deb
      Size/MD5 checksum:   159720 074ef1d4d28391d2eb394ea24c702e78
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_i386.deb
      Size/MD5 checksum:   254468 a80e82dfeb22354d3623a40e85fbbcc6

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_ia64.deb
      Size/MD5 checksum:    81828 c46f0b2c499e816a3cb440d0651a2b55
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_ia64.deb
      Size/MD5 checksum:    55246 7a442d4f53746822fe60cb1628730d00
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_ia64.deb
      Size/MD5 checksum:  2180272 33333853b7919432646bcfdae6abd54c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_ia64.deb
      Size/MD5 checksum:    49190 53a172cf4d463f4e1650d33b4851e832
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_ia64.deb
      Size/MD5 checksum:   252174 8e184d5dba13b625ae0e44e89485c6a7
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_ia64.deb
      Size/MD5 checksum:   317870 2222c0d7e5cf059381ebd9a151b8a5af

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_m68k.deb
      Size/MD5 checksum:    62518 7f0f240a3ecc077fc140e88bac5b1fe8
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_m68k.deb
      Size/MD5 checksum:    38194 06f87cf4f5bcccf1f8d8b1099bef70d3
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_m68k.deb
      Size/MD5 checksum:  2170504 809d90d8aedaa980866431ffa90a28aa
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_m68k.deb
      Size/MD5 checksum:    35070 02f5faec5ab1070cb09e5488d24d910b
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_m68k.deb
      Size/MD5 checksum:   146328 99c2e58e91dbbf20c126b29f0af6bc2c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_m68k.deb
      Size/MD5 checksum:   250494 87ad44430613edb59b8b8d300786a8b7

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_mips.deb
      Size/MD5 checksum:    67956 2e78155905e710e6b0ff27b53e45f269
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_mips.deb
      Size/MD5 checksum:    43800 fb236f7c6cf785d6a55aae1a4515338a
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_mips.deb
      Size/MD5 checksum:  2173046 ac2d5755af45a3d4a0c20c29508066c8
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_mips.deb
      Size/MD5 checksum:    37668 48b4aa4c897d00929da982ef07c8a15a
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_mips.deb
      Size/MD5 checksum:   195568 bb600d223c0b65faa1b646df27dc7e74
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_mips.deb
      Size/MD5 checksum:   257606 679b4cce53bcc33e8ac10650aff4c5a0

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_mipsel.deb
      Size/MD5 checksum:    67556 4520d58dd04533e2777f3cca4975a4d3
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_mipsel.deb
      Size/MD5 checksum:    43598 92da7fbb103c7a1c37b05522ae1e19a2
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_mipsel.deb
      Size/MD5 checksum:  2173008 e6745c1d5156d5cfca2dac85be5f1423
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_mipsel.deb
      Size/MD5 checksum:    37954 95d22e916f84828d555c5d13674e5d4c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_mipsel.deb
      Size/MD5 checksum:   191974 604b00ff88ac5373c196248e906beb0d
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_mipsel.deb
      Size/MD5 checksum:   255282 e904a9e0a41a5256e36fc71781135f05

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_powerpc.deb
      Size/MD5 checksum:    69294 07c0764302ddd5a9140581c6ede04487
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_powerpc.deb
      Size/MD5 checksum:    44674 8c9d17ca61c993632aa25da98c8b6cef
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_powerpc.deb
      Size/MD5 checksum:  2173668 5a591aa69f1d101cfce0597398c25ae6
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_powerpc.deb
      Size/MD5 checksum:    38870 8ea03838330fa3c56482e2f343c5431a
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_powerpc.deb
      Size/MD5 checksum:   187714 10bc94cec5fa66dcff4c76f49ba2e3c1
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_powerpc.deb
      Size/MD5 checksum:   264980 c5452abaf240f6f8d927ef69ea29d0b5

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_s390.deb
      Size/MD5 checksum:    67898 68e72a9d5ac378fc62e1cd6bb076da18
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_s390.deb
      Size/MD5 checksum:    43554 207dcf7c5897971f44c5afbed4b660e5
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_s390.deb
      Size/MD5 checksum:  2172956 7408bb7618f0b0d4b984e009b15e3a34
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_s390.deb
      Size/MD5 checksum:    38932 dc9a5cc5dfcbd829dc65811713d84ba8
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_s390.deb
      Size/MD5 checksum:   182686 a743f6f9a8dd3aa06e51c168e6a78cf2
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_s390.deb
      Size/MD5 checksum:   269600 382c4a08915ddc6d50208aeb9468bdab


  これらのファイルは次の版の安定版リリース時そちらに移されます。


- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
-- 
Seiji Kaneko                         skaneko@xxxxxxxxxxxx
---------------------------------------------------------