From 19fa322767240a9b67ebec1874f80cb1f9a05100 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Sat, 5 Nov 2005 06:40:17 +0000 Subject: Prepare to release DTSA-21 clamav git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2670 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- website/DTSA/DTSA-21-1.html | 117 ++++++++++++++++++++++++++++++++++++++++++++ website/list.html | 2 + 2 files changed, 119 insertions(+) create mode 100644 website/DTSA/DTSA-21-1.html (limited to 'website') diff --git a/website/DTSA/DTSA-21-1.html b/website/DTSA/DTSA-21-1.html new file mode 100644 index 0000000000..88feac0c3b --- /dev/null +++ b/website/DTSA/DTSA-21-1.html @@ -0,0 +1,117 @@ + + + Debian testing security team - Advisory + + + + +
+ + + + + Debian Project +
+
+ + + + + + + + + + + +
+ Debian testing security team - Advisory +
+ + +
+ + +

DTSA-21-1

+
+
Date Reported:
+
November 3rd, 2005
+
Affected Package:
+
clamav
+
Vulnerability:
+
Denial of service vulnerabilities and buffer overflow
+
Problem-Scope:
+
remote
+
Debian-specific:
+
No
+
CVE:
+
+CVE-2005-3239 +CVE-2005-3500 +CVE-2005-3501 +CVE-2005-3303 +
+
More information:
+
 
+Multiple security holes were found in clamav: 

+CVE-2005-3239 

+ The OLE2 unpacker allows remote attackers to cause a denial of service  
+ by sending a DOC file with an invalid property tree, triggering  
+ an infinite recursion. 

+CVE-2005-3500 

+ The tnef_attachment function in Clam AntiVirus before 0.87.1 
+ allows remote attackers to cause a denial of service, through 
+ an infinate loop and memory exhaustion, by crafting a CAB file 
+ with a value that causes ClamAV to repeatedly scan the same block 

+CVE-2005-3501 

+ The cabd_find function in of the libmspack library in Clam AntiVirus 
+ before 0.87.1 allows remote attackers to cause a denial of service 
+ via a crafted CAB file that causes cabd_find to be called with a zero 
+ length. 

+CVE-2005-3303 

+ The FSB unpacker in Clam AntiVirus 0.80 through 0.87 allows 
+ remote attackers to cause memory corruption and execute arbitrary 
+ code via a crafted FSG 1.33 file. 
+
+
For the testing distribution (etch) this is fixed in version 0.87.1-0etch.1
+
For the unstable distribution (sid) this is fixed in version 0.87.1
+
This upgrade is recommended if you use clamav.
+
If you have the secure testing lines in your sources.list, you can update by running this command as root:
+ +
apt-get update && apt-get upgrade
+
+ +
+
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
+
+
deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free
+
deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free
+
+
The archive signing key can be downloaded from
+
http://secure-testing.debian.net/ziyi-2005-7.asc
+ +
+ + +
+ + Valid HTML 4.01! + + Valid CSS! + + + + diff --git a/website/list.html b/website/list.html index c6604023b8..881e242968 100644 --- a/website/list.html +++ b/website/list.html @@ -75,6 +75,8 @@
buffer overflow and infinate loop problems
[October 13th, 2005] DTSA-20-1 mailutils
Format string vulnerability
+
[November 3rd, 2005] DTSA-21-1 clamav
+
Denial of service vulnerabilities and buffer overflow
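Review bot: in the CVE-2005-3303 paragraph of the new advisory page, "The FSB unpacker" does not match the "crafted FSG 1.33 file" named in the same sentence; one of the two is a typo (FSG is the packer the file type refers to), so please make them consistent before the page is published. Two smaller wording fixes in the same block: "an infinate loop" in the CVE-2005-3500 paragraph should read "an infinite loop", and "The cabd_find function in of the libmspack library" in the CVE-2005-3501 paragraph has a stray "in". The CVE-2005-3500 paragraph also ends without a full stop after "the same block". Finally, the CVE list in the header (3239, 3500, 3501, 3303) is not in numeric order; sorting it makes cross-checking the header against the detail sections easier.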
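Review bot: the new index entry agrees with the advisory page (date "November 3rd, 2005", package clamav and the same one-line summary "Denial of service vulnerabilities and buffer overflow"), so list.html and DTSA-21-1.html will stay consistent. Since this commit already touches list.html, the pre-existing typo "infinate loop" in the preceding entry's description line (visible as unchanged context two lines above the insertion) could be corrected to "infinite loop" in the same change.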
