[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:48488] [Translate] [SECURITY] [DSA 1281-1] New clamav packages fix several vulnerabilities



かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。

------>8------------>8------------>8------------>8------------>8-
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1281-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
April 25th, 2006                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : clamav
Vulnerability  : 複数
Problem-Type   : リモート
Debian-specific: いいえ
CVE ID         : CVE-2007-1745 CVE-2007-1997 CVE-2007-2029

Clam anti-virus ツールキットに、リモートから攻撃可能な複数の問題が発見さ
れました。 The Common Vulnerabilities and Exposures project は以下の問題
を認識しています。

CVE-2007-1745

    CHM ファイル形式のハンドラにファイルディスクリプタリークがあり、サー
    ビス拒否攻撃が可能であることが発見されました。

CVE-2007-1997

    CAB ファイル形式のハンドラにバッファオーバフローがあり、任意コード実
    行の可能性があることが発見されました。

CVE-2007-2029

    PDF ファイル形式のハンドラにファイルディスクリプタリークがあり、サー
    ビス拒否攻撃が可能であることが発見されました。


旧安定版 (stable) ディストリビューション (sarge) では、これらの問題はバー
ジョン 0.84-2.sarge.16 で修正されています。

安定版 (stable) ディストリビューション (etch) では、これらの問題はバージ
ョン 0.90.1-3etch1 で修正されています。

不安定版 (unstable) ディストリビューション (sid) では、これらの問題はバー
ジョン 0.90.2-1 で修正されています。

直ぐに clamav パッケージをアップグレードすることを勧めます。arm, sparc,
m68k および mips-bg/el の各アーキテクチャ向けのものはまだ提供できていま
せん。これらは後日提供予定です。


アップグレード手順
------------------

wget url
        	でファイルを取得できます。
dpkg -i file.deb
                で参照されたファイルをインストールできます。

apt-get パッケージマネージャを用いている場合には、本メールのフッタ記載の
行を sources.list に加えて、

apt-get update
        を実行して内部データベースを更新し、
apt-get upgrade
        によって修正されたパッケージをインストールしてください。

本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。



Debian GNU/Linux 3.1 愛称 sarge
- --------------------------------

  ソースアーカイブ:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.16.dsc
      Size/MD5 checksum:      874 750b482eeb436112babe47c8d4e462f4
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.16.diff.gz
      Size/MD5 checksum:   187501 4fa4f6002ac647a88cc991491026f495
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
      Size/MD5 checksum:  4006624 c43213da01d510faf117daa9a4d5326c

  アーキテクチャに依存しない内容:


http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.16_all.deb
      Size/MD5 checksum:   155282 27dda07f76c431190815699c933c96f1

http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.16_all.deb
      Size/MD5 checksum:   690904 0599cd77c6f729719f7d2218238286dc

http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.16_all.deb
      Size/MD5 checksum:   124268 dc29df62c5e663ac861871fb261c8f5f

  Alpha architecture:


http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.16_alpha.deb
      Size/MD5 checksum:    74760 6f5e17b5709704bb3cbb5df87886c535

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.16_alpha.deb
      Size/MD5 checksum:    48704 42d401657e3ce03e9b3f8bc8c2eb6c2a

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.16_alpha.deb
      Size/MD5 checksum:  2175750 6362f96b3ea12a7756a65be181ade900

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.16_alpha.deb
      Size/MD5 checksum:    41738 fc892161427bb646375cd488ccdf8cf4

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.16_alpha.deb
      Size/MD5 checksum:   256048 08a862b95ba887ef60d7e782b3860c4b

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.16_alpha.deb
      Size/MD5 checksum:   286514 911985fc43f62e1648fc49c699873102

  AMD64 architecture:


http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.16_amd64.deb
      Size/MD5 checksum:    69018 d3cdbb0197531ab9c9b2da5fdd3f28d2

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.16_amd64.deb
      Size/MD5 checksum:    44290 8dfb6f556b0e94177ced1b8437fd05c6

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.16_amd64.deb
      Size/MD5 checksum:  2173300 4bddbe30c350a2cdf7085401d9ba2bd4

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.16_amd64.deb
      Size/MD5 checksum:    40044 fe9c8fbf07d5bb4f2ea8c186fa4554d0

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.16_amd64.deb
      Size/MD5 checksum:   176820 671a48baa1cff978ba6ac698bd92ce35

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.16_amd64.deb
      Size/MD5 checksum:   260434 fcbd3ed5d6d195d941ae8c2c4be78583

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.16_i386.deb
      Size/MD5 checksum:    65316 388cb174e2802231f2e00be75e557525

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.16_i386.deb
      Size/MD5 checksum:    40360 eb1b678e9f9e6902baf07337031a15c9

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.16_i386.deb
      Size/MD5 checksum:  2171592 538f510efe1172159b580d2de8a685e3

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.16_i386.deb
      Size/MD5 checksum:    38060 fc3bbba2437c2822000e045c6709c8b0

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.16_i386.deb
      Size/MD5 checksum:   159914 61cff431ff68479054321cae6ce49434

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.16_i386.deb
      Size/MD5 checksum:   255106 06c6210c2302fa4b12539f5d9d6ed90c

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.16_ia64.deb
      Size/MD5 checksum:    81948 b2532d41280dd297e11fe259cda69f43

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.16_ia64.deb
      Size/MD5 checksum:    55324 4ece492972b78bd0a85a0a349219ba0c

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.16_ia64.deb
      Size/MD5 checksum:  2180240 d59d5be58695e7eda4bb850329b61eaf

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.16_ia64.deb
      Size/MD5 checksum:    49242 25aebadfb837f4b693c0ca7f00d7d7e5

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.16_ia64.deb
      Size/MD5 checksum:   252464 9a98dab31c6cbd4010a070af84586379

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.16_ia64.deb
      Size/MD5 checksum:   318554 ebfcc4e83fcce638cf4d6fd204f406ba

  PowerPC architecture:


http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.16_powerpc.deb
      Size/MD5 checksum:    69390 825a3ff9344b0ff0040c9009043d0345

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.16_powerpc.deb
      Size/MD5 checksum:    44728 719d0f39e79ca450060ccf2b31841893

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.16_powerpc.deb
      Size/MD5 checksum:  2173682 4da2c1673aec276f67dd78f418e20418

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.16_powerpc.deb
      Size/MD5 checksum:    38890 13405ffbf96d22acac493dd5ca2561f9

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.16_powerpc.deb
      Size/MD5 checksum:   187910 3f20cb90f59c59296469564288bc851f

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.16_powerpc.deb
      Size/MD5 checksum:   265536 7f953c829582ff78a9c059e9a21c7ecc

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.16_s390.deb
      Size/MD5 checksum:    67964 2e69d92100ff9b5af69d2c6482c332e6

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.16_s390.deb
      Size/MD5 checksum:    43642 4bc4573c069697913e88f90ce180bc78

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.16_s390.deb
      Size/MD5 checksum:  2172968 095a7323846207c070de4be0cfca904b

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.16_s390.deb
      Size/MD5 checksum:    38966 20219f58e85b9bd3742941042bf536b0

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.16_s390.deb
      Size/MD5 checksum:   182852 1c38c0a2187b948fa7062a50a93d26ce

http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.16_s390.deb
      Size/MD5 checksum:   270160 298f91ebdd0f8fec45c7115a71e9ff76


Debian GNU/Linux 4.0 alias etch
- -------------------------------

  ソースアーカイブ:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch1.dsc
      Size/MD5 checksum:      886 03ca483d25aa8a5843c0334454fa854b
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch1.diff.gz
      Size/MD5 checksum:   198874 332face9b6c9dd61ea183b97920d58e6
    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1.orig.tar.gz
      Size/MD5 checksum: 11643310 cd11c05b5476262eaea4fa3bd7dc25bf

  アーキテクチャに依存しない内容:


http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1-3etch1_all.deb
      Size/MD5 checksum:   201166 15ff75fe7f8d74c20a1ed138a3ef96a3

http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1-3etch1_all.deb
      Size/MD5 checksum:  1002982 c522f91db205e1317d7ffa4fcff219cc

http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1-3etch1_all.deb
      Size/MD5 checksum:   157358 8f0bccc0ffe35df7afd1c970e7a6424d

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch1_alpha.deb
      Size/MD5 checksum:   863012 56735cac5c48a2b1cff498aa74af5b74

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch1_alpha.deb
      Size/MD5 checksum:   184208 d61917178e7334eb9267834929ec3ac1

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch1_alpha.deb
      Size/MD5 checksum:   643690 8a9d04ad670ff22316a894a6ee693526

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch1_alpha.deb
      Size/MD5 checksum:  9303270 89869fa569a5b7a8175c5eae35d2dc4c

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch1_alpha.deb
      Size/MD5 checksum:   179372 7a1dba33725c9de4ece9641d2b1c4b2f

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch1_alpha.deb
      Size/MD5 checksum:   509666 e47d02325d68fe25a875843c6d390b80

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch1_alpha.deb
      Size/MD5 checksum:   405480 38ccb1a5c657c5c70f410f94d66c93a1

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch1_amd64.deb
      Size/MD5 checksum:   856028 b605cea366cd60582a4f2926cd8dbbf0

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch1_amd64.deb
      Size/MD5 checksum:   177964 d26c6f071ae2f9ef5a6a446ffdc79dac

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch1_amd64.deb
      Size/MD5 checksum:   637432 dc8505b28e41acc8ae53502ddaeae429

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch1_amd64.deb
      Size/MD5 checksum:  9301322 90c4819bcecb55a12dc94fdbd868b5e8

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch1_amd64.deb
      Size/MD5 checksum:   176430 16d4a80aef673ec34e4c771013835463

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch1_amd64.deb
      Size/MD5 checksum:   385728 391eab43682d135cd5a7321067b358e1

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch1_amd64.deb
      Size/MD5 checksum:   366562 c71cc7f8c0cb058a725b7e8d6cc76df0

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch1_hppa.deb
      Size/MD5 checksum:   856792 69390669062759614b5068a91daf47fd

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch1_hppa.deb
      Size/MD5 checksum:   177694 4e12f71d9e471ab44270ef8629c566f9

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch1_hppa.deb
      Size/MD5 checksum:   617522 5157056214621eed9948cfcd417b56c3

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch1_hppa.deb
      Size/MD5 checksum:  9302752 c8176be01a85cce59bce5869643e425a

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch1_hppa.deb
      Size/MD5 checksum:   176522 f4379b7ca228397a28a2e040e890a3a5

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch1_hppa.deb
      Size/MD5 checksum:   432108 07f29046db300ff6a57a86367c940e44

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch1_hppa.deb
      Size/MD5 checksum:   404280 d69e5a48f1ff41d90885029f7212963b

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch1_i386.deb
      Size/MD5 checksum:   853434 e33737d0e8eeae82880dee160b884e4c

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch1_i386.deb
      Size/MD5 checksum:   174318 188d945b3c78e3d540a8288115eb4923

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch1_i386.deb
      Size/MD5 checksum:   603398 56ab1e4be6b9a86ef5b9ccfbf9d6faa2

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch1_i386.deb
      Size/MD5 checksum:  9299850 b15d3a6570be05bf476bd9cd5821f179

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch1_i386.deb
      Size/MD5 checksum:   174450 d33e361d311972a8f832e9a5c9cacd02

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch1_i386.deb
      Size/MD5 checksum:   367182 c46322a281159fad5ee98725b293f295

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch1_i386.deb
      Size/MD5 checksum:   365140 33b24038fd1f0cd610e18c5e9a6a45a8

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch1_ia64.deb
      Size/MD5 checksum:   878008 af774d8ff869cf7f6c2f01ecc7c066bf

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch1_ia64.deb
      Size/MD5 checksum:   201168 74a33b6216e0e8210f6cd64d9b01e84a

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch1_ia64.deb
      Size/MD5 checksum:   656168 74cd735a0f44db53d22d0d97847375fa

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch1_ia64.deb
      Size/MD5 checksum:  9314758 b82acf9cc3c39df48574d645ff66dbcc

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch1_ia64.deb
      Size/MD5 checksum:   190824 94493ed780a6188f973d4bff2b54b1dd

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch1_ia64.deb
      Size/MD5 checksum:   520604 a139c1db4f8e08468e3138b3c17412c1

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch1_ia64.deb
      Size/MD5 checksum:   474144 354eec2bd1aa062fb9e1150068b88f77

  PowerPC architecture:


http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch1_powerpc.deb
      Size/MD5 checksum:   856836 db956d3268e97ee29c056b92bfe175c6

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch1_powerpc.deb
      Size/MD5 checksum:   181406 31d55adca529fcd1f843d35c4fe5733e

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch1_powerpc.deb
      Size/MD5 checksum:   636432 c15e564ca0bba6f47553a15c52f70224

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch1_powerpc.deb
      Size/MD5 checksum:  9301660 e57ce0bdd33f992cf842c47146160272

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch1_powerpc.deb
      Size/MD5 checksum:   175544 806666c67449d7539310ce20e986892c

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch1_powerpc.deb
      Size/MD5 checksum:   405180 b1a347e43bf7d8e0f5f89012d59b5bb6

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch1_powerpc.deb
      Size/MD5 checksum:   377662 fa0be5ca2222ba19f85549416daf0333

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch1_s390.deb
      Size/MD5 checksum:   854784 38773a96cc7e238cfbff8e301af67e7f

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch1_s390.deb
      Size/MD5 checksum:   175982 314d4bb67d61d26c374a80d2fb7d177e

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch1_s390.deb
      Size/MD5 checksum:   627524 9b9f81c79c2fca92d060163a6cba5d3d

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch1_s390.deb
      Size/MD5 checksum:  9300600 19ab58095839cac85be2f22f326859a3

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch1_s390.deb
      Size/MD5 checksum:   176114 3375fd42709def635bf4929fe404a6f2

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch1_s390.deb
      Size/MD5 checksum:   401188 28cde64e90a013bdf66a28f1b7d9058b

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch1_s390.deb
      Size/MD5 checksum:   390658 40ead43ae79832d790c0e8fd290f0b8e

  これらのファイルは次の版の安定版リリース時そちらに移されます。


- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
-- 
Seiji Kaneko                         skaneko@xxxxxxxxxxxx
---------------------------------------------------------