[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:48761] [Translate] [SECURITY] [DSA 1281-2] New clamav packages fix denial of service vulnerability



かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。

------>8------------>8------------>8------------>8------------>8-
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1281-2                security@debian.org
http://www.debian.org/security/                         Noah Meyerhans
May 21, 2007
- ------------------------------------------------------------------------

Package        : clamav
Vulnerability  : file descriptor leak
Problem type   : リモート
Debian-specific: いいえ
CVE Id(s)      : CVE-2007-2029
BugTraq ID     : 23656

4/25 に the Debian Security Team は Clam アンチウイルスツールキット
Clamav の更新版 0.90.1-3etch1 を、複数の欠陥の対策のためリリースしました。
残念ながら、この更新版パッケージには誤りがあり、PDF 文書ハンドラのファイ
ルディスクリプタリークに関する CVE-2007-2029 が Debian 4.0 (etch) および
テスト版 (lenny) で正しく修正されていませんでした。

この問題は安定版 (stable) ではバージョン 0.90.1-3etch2 で修正されており、
テスト版 (lenny) では clamav_0.90.1-3.1lenny2 で修正予定です。テスト版
(testing) については testing-security チャネル経由でできるだけ速くリリー
スいたします。それ以外の版には影響はありません。

直ぐに clamav パッケージをアップグレードすることを勧めます。

アップグレード手順
------------------

wget url
        	でファイルを取得できます。
dpkg -i file.deb
                で参照されたファイルをインストールできます。

apt-get パッケージマネージャを用いている場合には、本メールのフッタ記載の
行を sources.list に加えて、

apt-get update
        を実行して内部データベースを更新し、
apt-get upgrade
        によって修正されたパッケージをインストールしてください。

本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。


Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel,
powerpc, s390 and sparc.

ソースアーカイブ:

  http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1.orig.tar.gz
    Size/MD5 checksum: 11643310 cd11c05b5476262eaea4fa3bd7dc25bf
  http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch2.diff.gz
    Size/MD5 checksum:   202678 b69d5dd04efa34a1b5d754d00d02325a
  http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch2.dsc
    Size/MD5 checksum:      886 8ea6dec6430464f80367174cbf1522ee

Architecture independent packages:

  http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1-3etch2_all.deb
    Size/MD5 checksum:   200024 399e614261bcf6fc11f9d8cb1f31aa36
  http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1-3etch2_all.deb
    Size/MD5 checksum:  1005888 07cf61246264a02b5f3f75b712dc352f

http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1-3etch2_all.deb
    Size/MD5 checksum:   157450 84cfbe25cbb8f43f84d3e7608dd1ff00

alpha architecture (DEC Alpha)


http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch2_alpha.deb
    Size/MD5 checksum:   405598 e89e635ca763a960a2b9641034cffe1f
  http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch2_alpha.deb
    Size/MD5 checksum:   863126 be2975967f9abcad74ac30ad1a7b4ecc

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch2_alpha.deb
    Size/MD5 checksum:   509806 596fb241736d8336811f5631ef922937

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch2_alpha.deb
    Size/MD5 checksum:   184282 678347363c2723c9562aa7e5edda23fe

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch2_alpha.deb
    Size/MD5 checksum:   643780 d44e46beb7ed21b5f423cc40d93feae9

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch2_alpha.deb
    Size/MD5 checksum:  9303354 954ef0ff1af4fbafdf32d0230edf6d79

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch2_alpha.deb
    Size/MD5 checksum:   179444 d066c1c6f9d1b738abba4150ecfbe3ef

amd64 architecture (AMD x86_64 (AMD64))


http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch2_amd64.deb
    Size/MD5 checksum:   176536 3b19c1bfabe694d90a047232a3cb21ea

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch2_amd64.deb
    Size/MD5 checksum:   178048 1d2d279449991d196c0444502fd05e7a

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch2_amd64.deb
    Size/MD5 checksum:   637530 8914446075225de9dc8c97dd16b83acd
  http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch2_amd64.deb
    Size/MD5 checksum:   856120 96322f73a53bc97b115ee7fcbfb3560e

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch2_amd64.deb
    Size/MD5 checksum:   366656 ff2956673dbbb4a62e5ab9153a80a9cf

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch2_amd64.deb
    Size/MD5 checksum:   385832 56bd5d5f8a4b2a1241c109d88d3b4279

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch2_amd64.deb
    Size/MD5 checksum:  9301488 175ff062a9408489ec8c185124e209a4

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch2_arm.deb
    Size/MD5 checksum:   362196 50bfa1d26925ac85140583fce13b3909

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch2_arm.deb
    Size/MD5 checksum:   173260 8e65843c91e2a1fe5446cb540445556a

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch2_arm.deb
    Size/MD5 checksum:  9299326 4a9c05ea0f08fbca693f1884f116b0f8

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch2_arm.deb
    Size/MD5 checksum:   366018 d07ef427cb65e5839f0b523c08d55c1c

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch2_arm.deb
    Size/MD5 checksum:   174362 74669807f901a4b8a3ce125b3ad333c9
  http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch2_arm.deb
    Size/MD5 checksum:   596846 c1ac53e1501d73611556ffc547496f3b
  http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch2_arm.deb
    Size/MD5 checksum:   851644 952a117428093c42dd281b5c695832e0

hppa architecture (HP PA RISC)


http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch2_hppa.deb
    Size/MD5 checksum:   176618 89bf2c97a2690eecccebe60e3a7cd55f
  http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch2_hppa.deb
    Size/MD5 checksum:   404346 22abe6d6d95e7933d38969fabc552253

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch2_hppa.deb
    Size/MD5 checksum:  9302836 78c95396f0971eef4c1b8f73809b74a6
  http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch2_hppa.deb
    Size/MD5 checksum:   617610 b0b2c5131ae5c8ebbbc049a0a204ffd4
  http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch2_hppa.deb
    Size/MD5 checksum:   856878 b085a2d8317bce6476d6129df8962e38

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch2_hppa.deb
    Size/MD5 checksum:   177774 0a2a82b14cdcf0cabd566e8ed8c74e9c

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch2_hppa.deb
    Size/MD5 checksum:   432198 c4ad61a24a60b73528db102363af6d00

i386 architecture (Intel ia32)


http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch2_i386.deb
    Size/MD5 checksum:   367872 4a4c2d68de04892779fa2ee18d454af1

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch2_i386.deb
    Size/MD5 checksum:  9299034 a57a8dabcbfdb1ca948c7807e2b161d5

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch2_i386.deb
    Size/MD5 checksum:   173352 1effd13aca20fd86e8b00d1a0a21e842
  http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch2_i386.deb
    Size/MD5 checksum:   365298 a188cff902e8d3642e376a2185f48209
  http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch2_i386.deb
    Size/MD5 checksum:   604376 3f2b2b9b7019c4b0ec612acab2de915b

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch2_i386.deb
    Size/MD5 checksum:   174936 ac2c9892b4ba30ecae20c35597b8fcc9
  http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch2_i386.deb
    Size/MD5 checksum:   854652 8a44c143be20d81e88ac3500ef387df6

ia64 architecture (Intel ia64)


http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch2_ia64.deb
    Size/MD5 checksum:  9314878 52935be009b4a84223a81151df5ddbba
  http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch2_ia64.deb
    Size/MD5 checksum:   474192 c31fc49ca7bdd22488a15b99357b5d76

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch2_ia64.deb
    Size/MD5 checksum:   201282 f1fe669400c25fab7b39c54ef4eaecda
  http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch2_ia64.deb
    Size/MD5 checksum:   878096 fcdac4ab11700a235d4d39ebdbeb27c5

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch2_ia64.deb
    Size/MD5 checksum:   190928 62d04383c37b80857a93467913a1c14c
  http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch2_ia64.deb
    Size/MD5 checksum:   656284 de83f9db8dfdf447752093747bd2a2d9

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch2_ia64.deb
    Size/MD5 checksum:   520668 edc7f091eb3cc1186839384bfef06d21

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch2_mips.deb
    Size/MD5 checksum:   371698 fc79ffd010ad11bfa3160cf6ea3ce707

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch2_mips.deb
    Size/MD5 checksum:   179500 911eb19759eaf1cf427542dae6f28406

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch2_mips.deb
    Size/MD5 checksum:   174912 cf528b98d0097a8eb48f20904c9d2293

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch2_mips.deb
    Size/MD5 checksum:  9301294 c790bf6ecaf6006c91e1cef8a4a77923
  http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch2_mips.deb
    Size/MD5 checksum:   646430 f5c54dcdcded52b66ff4147fddc71f59
  http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch2_mips.deb
    Size/MD5 checksum:   854314 305e3bf521ff3f2cd96792922a2c625b

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch2_mips.deb
    Size/MD5 checksum:   434900 6a543233716cd4b768afebbea6b61d6a

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch2_mipsel.deb
    Size/MD5 checksum:   854248 3ea1e1812a2daa168a9533176fe1e074

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch2_mipsel.deb
    Size/MD5 checksum:   179608 8541d8cbfbe953440b3ef5dfd517b63e

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch2_mipsel.deb
    Size/MD5 checksum:  9301454 7f1090c461b1770d05c8ded4308f1e89

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch2_mipsel.deb
    Size/MD5 checksum:   364882 c8bc7c3b7c605e37af80ebce9eea919a

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch2_mipsel.deb
    Size/MD5 checksum:   426150 401882418c4e16b3e58a99d8b021f8b7

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch2_mipsel.deb
    Size/MD5 checksum:   635298 81f659a808b56347b350ad675e0c29ce

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch2_mipsel.deb
    Size/MD5 checksum:   175152 4440f5cfc45930032d5b7ee149c8ffa8

powerpc architecture (PowerPC)


http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch2_powerpc.deb
    Size/MD5 checksum:   181496 f05c77fa28abd1aafcc376ae4e28c587

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch2_powerpc.deb
    Size/MD5 checksum:   405258 3bd384a4001434b69039dd3bb1437826

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch2_powerpc.deb
    Size/MD5 checksum:   636532 7434d9bb7f4657e77204fa5f708b3421
  http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch2_powerpc.deb
    Size/MD5 checksum:   856934 13a0e913693e549c7562afbe59ee2cc0

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch2_powerpc.deb
    Size/MD5 checksum:   377756 8a28b60a850123a811317bf1ab752947

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch2_powerpc.deb
    Size/MD5 checksum:  9301808 ff846ca9fe56ce38d25a00ee83cecc2a

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch2_powerpc.deb
    Size/MD5 checksum:   175654 52166fa0e96a3fbed8c47600bd9b6ccb

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch2_s390.deb
    Size/MD5 checksum:   854876 4eb7c4af3574b496997a79de2c00bd59
  http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch2_s390.deb
    Size/MD5 checksum:   390766 6f40991adee8e0877e9e0968240fc299

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch2_s390.deb
    Size/MD5 checksum:   176048 ce6514408234d53d0e09e78de7b34b60

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch2_s390.deb
    Size/MD5 checksum:   176232 f26d9e37a2b5b6e2ebc11408c2a1c87e

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch2_s390.deb
    Size/MD5 checksum:   401248 30566a8c06b87fa9226e3ee490ed985f
  http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch2_s390.deb
    Size/MD5 checksum:   627618 c46d97bd8cf40a85cb8882df6e554913

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch2_s390.deb
    Size/MD5 checksum:  9300662 5a58ee27fad028c3e8e4632426cce41c

sparc architecture (Sun SPARC/UltraSPARC)


http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch2_sparc.deb
    Size/MD5 checksum:  9298416 e3846fca2a382ccc5596d04e9a5ab469

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch2_sparc.deb
    Size/MD5 checksum:   583752 1085766a6eb6e086a745b65c8d65f3cd

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch2_sparc.deb
    Size/MD5 checksum:   171712 0be51d03cf3b023cf6e5899d6b71d798

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch2_sparc.deb
    Size/MD5 checksum:   388500 3cb57fbe22b4fb9d4fad41e9b7d25ed8

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch2_sparc.deb
    Size/MD5 checksum:   376772 3e724ed0289a2c8d42e6cde9155cb4b3
  http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch2_sparc.deb
    Size/MD5 checksum:   850984 cd8672207fe749f42f909fb135f3ab06

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch2_sparc.deb
    Size/MD5 checksum:   173342 e6a2627dffed9ac3afe3716271d8efb1


  これらのファイルは次の版の安定版リリース時そちらに移されます。


- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
-- 
Seiji Kaneko                         skaneko@xxxxxxxxxxxx
---------------------------------------------------------