Security Advisory 05 for Kolab Server

Thomas Arendsen Hein thomas at intevation.de
Thu Oct 20 18:34:56 CEST 2005


Kolab Security Issue 05 20051020
================================

Package:              clamav
Vulnerability:        buffer overflow, DOS, remotely exploitable
Kolab Specific:       yes
Dependent Packages:   none


Summary
-------

Thorsten Schnebeck informed us on the kolab-users mailing list that the
obmtool.conf file distributed with Kolab Security Issue 04 20051014 may
cause a downgrade of clamav to a vulnerable version.


Affected Versions
-----------------

ClamAV-0.86.2 or earlier are affected.

You can check the installed version with:
/kolab/bin/openpkg rpm -q clamav


Fixes
-----

Upgrade to ClamAV 0.87 again by following the instructions from
Kolab Security Issue 03 20050921, included here for convenience:

A new ClamAV RPM is available from the Kolab download mirrors as
security-updates/20050921/clamav-0.87-20050916.src.rpm

A binary RPM for Debian woody (ix86) is available as
security-updates/20050921/clamav-0.87-20050916.ix86-debian3.0-kolab.rpm

The mirrors are listed on http://kolab.org/mirrors.html


Details
-------

http://kolab.org/security/kolab-vendor-notice-03.txt
	Kolab Security Issue 03 20050921

http://kolab.org/security/kolab-vendor-notice-04.txt
	Kolab Security Issue 04 20051014

http://kolab.org/pipermail/kolab-users/2005-October/003582.html
	Thorsten Schnebeck published the problem on kolab-users


Timeline
--------
    20051014 Kolab Security Issue 04 published with incorrect obmtool.conf
    20051020 Problem published on kolab-users mailing list
    20051020 Problem confirmed and updated security advisory published

-- 
Email: thomas at intevation.de
http://intevation.de/~thomas/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.kolab.org/pipermail/users/attachments/20051020/358dfd6c/attachment.sig>


More information about the users mailing list