[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:48155] [Translate] [SECURITY] [DSA 1263-1] New clamav packages fix denial of service



かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。

------>8------------>8------------>8------------>8------------>8-
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1263-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
March 6th, 2006                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : clamav
Vulnerability  : 複数
Problem-Type   : リモート
Debian-specific: いいえ
CVE ID         : CVE-2007-0897 CVE-2007-0898
Debian Bug     : 411118

Clam アンチウィルスツールキットに、リモートから攻撃可能な複数の問題が発
見されました。この欠陥を攻撃することでサービス拒否攻撃が可能です。The
Common Vulnerabilities and Exposures project は以下の問題を認識していま
す。

CVE-2007-0897

    不正な形式の CAB アーカイブによりファイルディスクリプタを使い尽くす
    ことができるため、サービス拒否攻撃が可能です。

CVE-2007-0898

    MIME ヘッダパーザにディレクトリトラバーサル欠陥があり、サービス拒否
    攻撃が可能です。


安定版  (stable) ディストリビューション (sarge) では、これらの問題はバー
ジョン 0.84-2.sarge.15 で修正されています。

次期安定版 (etch) ディストリビューションでは、これらの問題はバージョン
0.88.7-2 で修正されています。

不安定版 (unstable) ディストリビューション (sid) では、これらの問題はバー
ジョン 0.90-1 で修正されています。

直ぐに clamav パッケージをアップグレードすることを勧めます。


アップグレード手順
------------------

wget url
        	でファイルを取得できます。
dpkg -i file.deb
                で参照されたファイルをインストールできます。

apt-get パッケージマネージャを用いている場合には、本メールのフッタ記載の
行を sources.list に加えて、

apt-get update
        を実行して内部データベースを更新し、
apt-get upgrade
        によって修正されたパッケージをインストールしてください。

本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。



Debian GNU/Linux 3.1 愛称 sarge
- --------------------------------

  ソースアーカイブ:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15.dsc
      Size/MD5 checksum:      874 164ac3671dc1ede72f116703ff47f5c7
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15.diff.gz
      Size/MD5 checksum:   181092 4cb9909ef8d4d1da088a44a40a3d0a5d
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
      Size/MD5 checksum:  4006624 c43213da01d510faf117daa9a4d5326c

  Architecture independent components:

    http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.15_all.deb
      Size/MD5 checksum:   155290 d03243c2e40548b1ed8a7187dbbe05c0
    http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.15_all.deb
      Size/MD5 checksum:   690908 6a35ca9ba3a2cccafe60ee6ba15dff30
    http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.15_all.deb
      Size/MD5 checksum:   124274 50a76314d37beaa54c9939d01268a295

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_alpha.deb
      Size/MD5 checksum:    74852 2f8ba776b5b8ecabb5ced89124df8711
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_alpha.deb
      Size/MD5 checksum:    48910 3c1e853f2c6cd9e75c1f88f9e607196c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_alpha.deb
      Size/MD5 checksum:  2176498 f00a4e4a4724e7c278b356f74dcd6e9f
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_alpha.deb
      Size/MD5 checksum:    42160 1632e0df7ee729b9863ddd3deb70f57c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_alpha.deb
      Size/MD5 checksum:   256108 8cd276b750093c23907973a9d3e80031
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_alpha.deb
      Size/MD5 checksum:   286304 85f2cd7418bb2bae13615499b52211fe

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_amd64.deb
      Size/MD5 checksum:    69010 5c1285590a4068fe6253145862a4ade9
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_amd64.deb
      Size/MD5 checksum:    44278 5b7a1bc8cd6034bbc5ea6b4af21c5adc
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_amd64.deb
      Size/MD5 checksum:  2173282 eedaa60dcb78037af56c2868aaa70a8a
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_amd64.deb
      Size/MD5 checksum:    40038 92967a280f254f2254851bed6f1dfd0f
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_amd64.deb
      Size/MD5 checksum:   176818 c76d900e5c2b6add3da38f4ef84adc2b
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_amd64.deb
      Size/MD5 checksum:   260378 b6b0304db0b1ac7306b43d854eb8a4d5

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_arm.deb
      Size/MD5 checksum:    63970 a8146a69333876298408f196c7b6de18
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_arm.deb
      Size/MD5 checksum:    39636 f3768da7d1f98159134b0d5375585567
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_arm.deb
      Size/MD5 checksum:  2171278 b728182250c04bb804c25150a1c008bc
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_arm.deb
      Size/MD5 checksum:    37320 1dbc35eb0c07bb0b19f83f002346462c
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_arm.deb
      Size/MD5 checksum:   175142 e1a4473d761f38ea9e22aeede630d8af
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_arm.deb
      Size/MD5 checksum:   250250 5be64956ab66d665a714dd889616d8a7

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_hppa.deb
      Size/MD5 checksum:    68470 75c8d1e6c3f6d20d8955178dc1f9a74d
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_hppa.deb
      Size/MD5 checksum:    43276 23d1c8cacac81c26942fb1fc91a57756
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_hppa.deb
      Size/MD5 checksum:  2173656 13c73779b34757f034a924aa72c589f3
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_hppa.deb
      Size/MD5 checksum:    39534 cc09b2a89978af3c674d3b908bac0ce6
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_hppa.deb
      Size/MD5 checksum:   202948 cd2bd9baaf5784217111a7527c085faa
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_hppa.deb
      Size/MD5 checksum:   283994 91570ebc055a4c6542369090b9c42833

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_i386.deb
      Size/MD5 checksum:    65324 27e131c923911d74c77b081081efd53b
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_i386.deb
      Size/MD5 checksum:    40372 302701e63dd3ed03f4d6df6be0ea9fda
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_i386.deb
      Size/MD5 checksum:  2171596 4df76765279396b0c35e5f08c45ed9ba
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_i386.deb
      Size/MD5 checksum:    38044 56981cfac9af7758ee3c9bfb900312e8
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_i386.deb
      Size/MD5 checksum:   159896 ae0b9dab053b2a5e14f795298b27a4dd
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_i386.deb
      Size/MD5 checksum:   255084 dce16317d32ee0c1fa89e7b881627ae3

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_ia64.deb
      Size/MD5 checksum:    81954 38e69159641cd1a96823bca6bd9dbe65
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_ia64.deb
      Size/MD5 checksum:    55336 5c9ed951a1c11eb69c99c4b896b79b8d
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_ia64.deb
      Size/MD5 checksum:  2180266 7d15c59e8b1c8514c654deab1902aed2
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_ia64.deb
      Size/MD5 checksum:    49252 9184c9e05f4bb5d42e8d837016065946
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_ia64.deb
      Size/MD5 checksum:   252442 936bbea0fb4950db7be9bb8a01164fc3
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_ia64.deb
      Size/MD5 checksum:   318470 07a022c3616a0a1b5ddc5f6acb132b50

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_m68k.deb
      Size/MD5 checksum:    62640 6315cbb887a6e57471451c8a4d930b51
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_m68k.deb
      Size/MD5 checksum:    38258 76d989cd3d071c5600d9239ec44d5e10
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_m68k.deb
      Size/MD5 checksum:  2170534 f35dcc6912fb0acd0b259acae8a9b9a2
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_m68k.deb
      Size/MD5 checksum:    35122 40b89cf394c25f79e17acc8dfb329b0d
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_m68k.deb
      Size/MD5 checksum:   146484 0098c6f52a629d5e1997ada7e752170e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_m68k.deb
      Size/MD5 checksum:   251086 888c34801a5588dbc49f66e2acf1216a

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_mips.deb
      Size/MD5 checksum:    68062 9d6a26efae1f42e04162a5423ac317fb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_mips.deb
      Size/MD5 checksum:    43874 f1cd8daafda6e91f288a8206d168f301
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_mips.deb
      Size/MD5 checksum:  2173058 6f5c70b355790ce6d4ff9c082e8506a3
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_mips.deb
      Size/MD5 checksum:    37682 a6706508bb4aaf8098968d60f8397be6
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_mips.deb
      Size/MD5 checksum:   195860 ea70cd36f235d4f2326307df22e06f69
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_mips.deb
      Size/MD5 checksum:   258188 9d874d790e66793797211be2a5a8ce86

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_mipsel.deb
      Size/MD5 checksum:    67650 9a9146d5667ccf4b111dd30d752f0a91
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_mipsel.deb
      Size/MD5 checksum:    43684 21fb06cf16611c12fdacdb8937ae92b1
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_mipsel.deb
      Size/MD5 checksum:  2173010 cc75d6c3f0f2fe5e597e79d547199a0f
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_mipsel.deb
      Size/MD5 checksum:    37996 3aeecfbf91fa68a8a2175ab5a1caa013
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_mipsel.deb
      Size/MD5 checksum:   192220 c612ee4b274d41ee7c7a2f7c06665958
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_mipsel.deb
      Size/MD5 checksum:   255722 66f071a933589d62c11c161a49015702

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_powerpc.deb
      Size/MD5 checksum:    69390 57c24e63fb8b9eee0ba65f82ebce29c5
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_powerpc.deb
      Size/MD5 checksum:    44732 b79f087c2d6b9a6a0443257dd664cd28
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_powerpc.deb
      Size/MD5 checksum:  2173690 c13fd5c3eb38db179db4db8a25017bd1
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_powerpc.deb
      Size/MD5 checksum:    38886 902c240c9ba87fb45d2018d6e7071b9e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_powerpc.deb
      Size/MD5 checksum:   187852 cbfcd17a7acf154d92f2324aa6cc9bc3
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_powerpc.deb
      Size/MD5 checksum:   265522 5803d3f1b222cfd28229a2e47076bcae

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_s390.deb
      Size/MD5 checksum:    67960 8abf60927cc67e39c30af5147038457f
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_s390.deb
      Size/MD5 checksum:    43632 2087d0ad268f72be98b9c711543b4e15
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_s390.deb
      Size/MD5 checksum:  2172968 1e93b48d8eabf027a2885c44eeb2f694
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_s390.deb
      Size/MD5 checksum:    38974 15884fe049d94ea78d1392025734f719
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_s390.deb
      Size/MD5 checksum:   182844 894b86b7256a132a8c4d7ddf9adc3a0e
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_s390.deb
      Size/MD5 checksum:   270124 b804fa150e7e2c85e09ebb4fa5c15d8a

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_sparc.deb
      Size/MD5 checksum:    64742 57b8bb2c49e2eb5360b8f105ed4b9f91
    http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_sparc.deb
      Size/MD5 checksum:    39522 59eb16c39f5c0dd52919b5fa3b2096fb
    http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_sparc.deb
      Size/MD5 checksum:  2171204 d66238ca67d4f22ff1145cf9ca393d9c
    http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_sparc.deb
      Size/MD5 checksum:    36890 5ffe48cc0fdea294f6382f73a668fe30
    http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_sparc.deb
      Size/MD5 checksum:   176144 1110fde33987418132d3ee6df0990ac8
    http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_sparc.deb
      Size/MD5 checksum:   265558 a2096ed70b830e852a72099dc9962641


  これらのファイルは次の版の安定版リリース時そちらに移されます。


- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
-- 
Seiji Kaneko                         skaneko@xxxxxxxxxxxx
---------------------------------------------------------