[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:51190] [Translate] [SECURITY] [DSA 1660-1] New clamav packages fix denial of service



かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。

------>8------------>8------------>8------------>8------------>8-
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1660-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
October 26, 2008                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : clamav
Vulnerability  : ヌルポインタ参照、リソース使い果たし
Problem type   : ローカル (リモート)
Debian-specific: いいえ
CVE Id(s)      : CVE-2008-3912, CVE-2008-3913, CVE-2008-3914

複数のサービス拒否攻撃に繋がる欠陥が、ClamAV アンチウィルスツールキット
に発見されました。

メモリ不足条件のチェックが不足しているため、ヌルポインタ参照が起きます
(CVE-2008-3912)。

エラー処理論理に誤りがあり、メモリリーク (CVE-2008-3913) やファイルディ
スクリプタリーク (CVE-2008-3914) に繋がります。

安定版 (stable) ディストリビューション (etch) では、これらの問題はバージ
ョン 0.90.1dfsg-4etch15 で修正されています。

テスト版 (testing) および不安定版 (unstable) ディストリビューション
 (lenny および sid) では、これらの問題はバージョン 0.94.dfsg-1 で修正さ
れています。

直ぐに clamav パッケージをアップグレードすることを勧めます。


アップグレード手順
------------------

wget url
        	でファイルを取得できます。
dpkg -i file.deb
                で参照されたファイルをインストールできます。

apt-get パッケージマネージャを用いている場合には、本メールのフッタ記載の
行を sources.list に加えて、

apt-get update
        を実行して内部データベースを更新し、
apt-get upgrade
        によって修正されたパッケージをインストールしてください。

本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。


Debian GNU/Linux 4.0 alias etch
- -------------------------------

ソースアーカイブ:

  http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15.diff.gz
    Size/MD5 checksum:   211673 f32684dc7b5c10438ed72ed8c522ced8
  http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg.orig.tar.gz
    Size/MD5 checksum: 11610428 6dc18602b0aa653924d47316f9411e49
  http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15.dsc
    Size/MD5 checksum:      900 5c1aca2a402b405e027e79c7d9fdde39

アーキテクチャに依存しないパッケージ:


http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1dfsg-4etch15_all.deb
    Size/MD5 checksum:  1005428 058124325863f5c4d6009547b81d3d10

http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1dfsg-4etch15_all.deb
    Size/MD5 checksum:   202184 24e50f137412d6432f489f0c0bccefa2

http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1dfsg-4etch15_all.deb
    Size/MD5 checksum:   158456 ee5378f52517374ecc6d45d0954a8da8

alpha architecture (DEC Alpha)


http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_alpha.deb
    Size/MD5 checksum:   372930 f51ff2874a06cf834e586ffd629935a4

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_alpha.deb
    Size/MD5 checksum:   182734 5c0db34ae38a22c21513210c00c3c69b

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_alpha.deb
    Size/MD5 checksum:   465258 e5745dfa0c5a1b59e19fcce6743b8ea6

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_alpha.deb
    Size/MD5 checksum:  9305242 c8970fe72c484513f6b405b5bbc2107f

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_alpha.deb
    Size/MD5 checksum:   862312 196a2f722ea12a073ab81ca361a4c8a4

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_alpha.deb
    Size/MD5 checksum:   597822 f183a3e677f0eda5196f32e164c74bcd

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_alpha.deb
    Size/MD5 checksum:   180882 91a8a71ea5822c9bb74907d1c273c6a8

amd64 architecture (AMD x86_64 (AMD64))


http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_amd64.deb
    Size/MD5 checksum:   341716 cf6f3fa99270adead786b673311f8d61

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_amd64.deb
    Size/MD5 checksum:  9301976 2876b674f6cea7d15c5157e2de2328ee

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_amd64.deb
    Size/MD5 checksum:   355170 de088b17a337d686b4621770fe4f9857

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_amd64.deb
    Size/MD5 checksum:   856710 666d145be4f30dff32fa4ea4a7baf3cf

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_amd64.deb
    Size/MD5 checksum:   593892 f998497019eda5c09b4b9d72b28a20cd

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_amd64.deb
    Size/MD5 checksum:   177632 012e805063b0f0d0add72b3b7e31bc27

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_amd64.deb
    Size/MD5 checksum:   178214 9cb0fd2d134382ab68377ea080354c39

arm architecture (ARM)


http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_arm.deb
    Size/MD5 checksum:   175958 61f2238a6151d710f61898a69a7f17dd

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_arm.deb
    Size/MD5 checksum:   554314 eeca09ab4e6114c1647f58e056bbbe88

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_arm.deb
    Size/MD5 checksum:   335754 a4455a0a045e44d7fe4e78e3138f9839

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_arm.deb
    Size/MD5 checksum:   336508 7381b097f4239890fd7ecf3604b18a7b
  http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_arm.deb
    Size/MD5 checksum:   853888 cc8eb16ceef93c5dc7a344c31b76a1c4

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_arm.deb
    Size/MD5 checksum:  9299654 079be0e85b9488a6c1a79e47fa473697

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_arm.deb
    Size/MD5 checksum:   171826 4caa4c8de5d905072458b20c47fe6cf7

hppa architecture (HP PA RISC)


http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_hppa.deb
    Size/MD5 checksum:   178420 bb3bf378c5b4b2399066ef14d3a56f99

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_hppa.deb
    Size/MD5 checksum:   373022 03ab8e9d8f491cc2e36b6231df6a1598

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_hppa.deb
    Size/MD5 checksum:   572122 49ede4d4a1cfaf08d2335a0643445281

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_hppa.deb
    Size/MD5 checksum:   178162 def9c5ec2aa784f7dce6292be42f47d9

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_hppa.deb
    Size/MD5 checksum:   857652 5d02382877ea32a59807865743c97bfd

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_hppa.deb
    Size/MD5 checksum:   396408 ef2e43b492945bb1769a6f706788b658

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_hppa.deb
    Size/MD5 checksum:  9303936 f3f4d2f867bde284abf7db446705ed95

i386 architecture (Intel ia32)


http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_i386.deb
    Size/MD5 checksum:  9301270 0a5dc62b3aab325ab4ea20276a45442d

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_i386.deb
    Size/MD5 checksum:   856306 8d74ae00e735d95515aa9bb808c6671c

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_i386.deb
    Size/MD5 checksum:   340162 08312dde22cde79581b15286c44f4301

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_i386.deb
    Size/MD5 checksum:   172982 22de0edc3a1de0f0fbcb87edca082d50

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_i386.deb
    Size/MD5 checksum:   338336 d1ef1a5beae644f9f1296d6039bb69ef

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_i386.deb
    Size/MD5 checksum:   175660 db8eac754a12034b9f75eaf05386ca82

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_i386.deb
    Size/MD5 checksum:   560354 9c8893eb2188dadfaf3fd17a434f8b06

ia64 architecture (Intel ia64)


http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_ia64.deb
    Size/MD5 checksum:   610916 7ad33fed4d558be67ede30630d6c72a7

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_ia64.deb
    Size/MD5 checksum:   427888 c209553ee479329f7c7363c1ebdc1a74

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_ia64.deb
    Size/MD5 checksum:   192618 befb38ab9b489751714f779dbea3d291

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_ia64.deb
    Size/MD5 checksum:   879096 61a9e8155e1f09336597fe3f4a37d3fe

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_ia64.deb
    Size/MD5 checksum:   465992 0c339ef0bb56f9b78396c5cef52d7f9b

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_ia64.deb
    Size/MD5 checksum:   202350 a7a2a4426c2009d5834d077992fc958c

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_ia64.deb
    Size/MD5 checksum:  9315990 f98473c93e67b4b211484830daf41832

mips architecture (MIPS (Big Endian))


http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_mips.deb
    Size/MD5 checksum:   179764 7993bddf6d20c53d04dfa82db8c45f17

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_mips.deb
    Size/MD5 checksum:   343582 963becae67065832dc9544c1b81c6af9

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_mips.deb
    Size/MD5 checksum:  9301686 cc048163c4d480e18e26fc43a20557a5

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_mips.deb
    Size/MD5 checksum:   599950 0cdd81bdd2254f51bb0042b9aff03799

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_mips.deb
    Size/MD5 checksum:   398656 085b4754c33410f999a6c92a7fab83e5

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_mips.deb
    Size/MD5 checksum:   175634 aa1d7b2f22ed7e3e1d380e8e8b81affd

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_mips.deb
    Size/MD5 checksum:   855198 0a1ff9eb459bd43042abd61a5e417b7b

powerpc architecture (PowerPC)


http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_powerpc.deb
    Size/MD5 checksum:   591114 c8462b221e0ffa9e98768074c1a35e46

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_powerpc.deb
    Size/MD5 checksum:   372666 368d9b9438ad78195fab6682815d0658

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_powerpc.deb
    Size/MD5 checksum:   350662 e003d2a4c115aa56b5cb58703ea8abb8

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_powerpc.deb
    Size/MD5 checksum:   182422 50b96cab6541a0ea2809a60ec2977f6e

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_powerpc.deb
    Size/MD5 checksum:   177040 c44f2cdab20f3159c6e05decd53e5a42

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_powerpc.deb
    Size/MD5 checksum:   857930 14100228766332ab199d6d0e5e023a31

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_powerpc.deb
    Size/MD5 checksum:  9303010 8d9887c249921ffd2d077060b86c33cd

s390 architecture (IBM S/390)


http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_s390.deb
    Size/MD5 checksum:   176984 c73d0d25cb9c6fb1471dc75dc1eae93b

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_s390.deb
    Size/MD5 checksum:   370222 85073bbf0c93b0febd8653ea69d4bdd8

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_s390.deb
    Size/MD5 checksum:   581758 20aad1ce19fb1e89f14f14cb9cb15abc

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_s390.deb
    Size/MD5 checksum:   361652 5a0de663fbef083c9dcbd26bec3be8b1

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_s390.deb
    Size/MD5 checksum:   855896 ba7952cb99fcbe5f7d95e3ee94a8cc60

http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_s390.deb
    Size/MD5 checksum:   177818 667e53e87004a1a3dec45f976223b5ff

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_s390.deb
    Size/MD5 checksum:  9301658 bc0b5281a733ed8dad0721921f3074d8

sparc architecture (Sun SPARC/UltraSPARC)


http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_sparc.deb
    Size/MD5 checksum:   174724 e0ba1dd7dc376ed26e1ad691be01bc28

http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_sparc.deb
    Size/MD5 checksum:   852022 571af9e5cca4709e67315bc8d4e27f8d

http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_sparc.deb
    Size/MD5 checksum:   172782 e1f14cbb1310608ae919dbe2ba6dc2da

http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_sparc.deb
    Size/MD5 checksum:  9299404 dc0687d0d19b33a47549213a92986141

http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_sparc.deb
    Size/MD5 checksum:   541198 a7f2f8746008045edf1b94acacc60db9

http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_sparc.deb
    Size/MD5 checksum:   358074 71ddd770d23bd40dc8da26271556471a

http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_sparc.deb
    Size/MD5 checksum:   349468 24934fe9a2cd03571fcbdcac63aa11c9


  これらのファイルは次の版の安定版リリース時そちらに移されます。


- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
------>8------------>8------------>8------------>8------------>8-
-- 
Seiji Kaneko                         skaneko@xxxxxxxxxxxx
---------------------------------------------------------