[Kolab-announce] Security Advisory 10 for Kolab Server (CVE-2006-4018, ClamAV)
Bernhard Reiter
bernhard at intevation.de
Thu Aug 10 17:49:21 CEST 2006
Kolab Security Issue 09 20060810
================================
Package: Kolab Server, ClamAV
Vulnerability: buffer overflow, remotely exploitable (CVE-2006-4018)
Kolab Specific: no
Dependent Packages: none
Impact: high
Summary
~~~~~~~
The Clam AntiVirus package's freshclam component has a buffer overflow
in the handler for compressed UPX files that can be exploited remotely.
Affected Versions
~~~~~~~~~~~~~~~~~
This affects all servers running ClamAV 0.81 through 0.88.3.
Kolab Server 2.0.3 and Kolab Server 2.1beta2 are vulnerable.
Previous releases are affected as well.
Fix
~~~
Upgrade to ClamAV 0.88.4, or to Kolab Server 2.0.4, which includes the new ClamAV.
The ClamAV RPM is available from the Kolab download mirrors as
security-updates/20060810/clamav-0.88.4-20060809.src.rpm
The mirrors are listed on http://kolab.org/mirrors.html
While the mirrors are catching up, you can also get the package via rsync:
# rsync -tvP rsync://rsync.kolab.org/kolab/server/security-updates/20060810/clamav-0.88.4-20060809.src.rpm .
MD5 sums:
943f2f4da69cb949a060e6ba102b4e44 clamav-0.88.4-20060809.src.rpm
The package can be installed on your Kolab Server with
# /kolab/bin/openpkg rpm --rebuild clamav-0.88.4-20060809.src.rpm
# /kolab/bin/openpkg rpm \
-Uvh /kolab/RPM/PKG/clamav-0.88.4-20060809.<ARCH>-<OS>-kolab.rpm
The installation process might leave a freshclam.conf.rpmsave or
clamd.conf.rpmsave in /kolab/etc/clamav/. Since freshclam.conf and
clamd.conf are generated files, remove the rpmsave files, run kolabconf
and make sure clamav starts. For example:
# rm /kolab/etc/clamav/clamd.conf.rpmsave
# /kolab/sbin/kolabconf
# /kolab/etc/rc clamav start
Optionally, update the virus signature files manually right away as a test:
# /kolab/bin/freshclam
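The upgrade steps above as one script, added here as an example and not part of the advisory: it fetches the source RPM, refuses to rebuild unless the MD5 sum matches the value in this advisory, then installs, removes the rpmsave files, regenerates the configuration and restarts clamav. It assumes it runs as root on the Kolab host, that /kolab is the install prefix, and that a glob for <ARCH>-<OS> matches exactly one built package; the script name used in the guard is an assumption too.

```shell
#!/bin/sh
# Added example (not from the Kolab advisory): apply the ClamAV 0.88.4 update
# on a Kolab Server, verifying the advisory's MD5 sum before rebuilding.
set -eu

KOLAB=/kolab                                   # assumed install prefix
SRPM=clamav-0.88.4-20060809.src.rpm
RSYNC_URL="rsync://rsync.kolab.org/kolab/server/security-updates/20060810/$SRPM"
EXPECTED_MD5=943f2f4da69cb949a060e6ba102b4e44   # MD5 sum from the advisory

# Print the MD5 hex digest of a file, using md5sum where available
# (Linux) and falling back to openssl elsewhere.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        openssl md5 -r "$1" | cut -d' ' -f1
    fi
}

# Return 0 when the file's digest equals the expected digest, 1 otherwise.
verify_md5() {
    actual=$(md5_of "$1")
    [ "$actual" = "$2" ]
}

# Fetch, verify, rebuild, install, clean up rpmsave files and restart clamav.
# A checksum mismatch aborts before anything is rebuilt or installed as root.
upgrade_clamav() {
    rsync -tvP "$RSYNC_URL" .
    if ! verify_md5 "$SRPM" "$EXPECTED_MD5"; then
        echo "MD5 mismatch for $SRPM, refusing to install" >&2
        return 1
    fi
    "$KOLAB/bin/openpkg" rpm --rebuild "$SRPM"
    # assumed glob for the <ARCH>-<OS> part of the built package name
    "$KOLAB/bin/openpkg" rpm -Uvh "$KOLAB"/RPM/PKG/clamav-0.88.4-20060809.*-kolab.rpm

    # freshclam.conf and clamd.conf are generated by kolabconf, so stale
    # .rpmsave copies are removed before regenerating them.
    rm -f "$KOLAB/etc/clamav/freshclam.conf.rpmsave" "$KOLAB/etc/clamav/clamd.conf.rpmsave"
    "$KOLAB/sbin/kolabconf"
    "$KOLAB/etc/rc" clamav start
    "$KOLAB/bin/freshclam"   # optional: fetch fresh signatures as a smoke test
}

# Only run the upgrade when invoked by this (assumed) name, so the functions
# can also be sourced for reuse or testing.
if [ "${0##*/}" = "upgrade-clamav.sh" ]; then
    upgrade_clamav
fi
```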
Details
~~~~~~~
ClamAV 0.88.4 security advisory: http://www.clamav.net/security/0.88.4.html
Timeline
~~~~~~~~
20060807 ClamAV security release 0.88.4.
20060809 OpenPKG 0.88.4 package release in section CUR/SRC/PLUS.
20060810 Kolab Server security advisory published.