bh: doc/www/src/security kolab-vendor-notice-06.txt,NONE,1.1

cvs at intevation.de cvs at intevation.de
Fri Nov 4 20:31:43 CET 2005


Author: bh

Update of /kolabrepository/doc/www/src/security
In directory doto:/tmp/cvs-serv30963/www/src/security

Added Files:
	kolab-vendor-notice-06.txt 
Log Message:
Add kolab security advisory 06 for clamav 0.87


--- NEW FILE: kolab-vendor-notice-06.txt ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kolab Security Issue 06 20051104
================================

Package:              Kolab Server
Vulnerability:        buffer overflow, DOS, remotely exploitable
Kolab Specific:       no
Dependent Packages:   none


Summary
- -------

The Clam AntiVirus package contains a boundary condition error and fails
to handle exceptional conditions, which can be exploited remotely.


Affected Versions
- -----------------

This affects all servers which have ClamAV 0.87 or earlier versions running.
Kolab Server 2.0.1 and previous releases of the 2.0 branch are affected.


Fixes
- -----

Upgrade to ClamAV 0.87.1

A new ClamAV RPM is available from the Kolab download mirrors as
security-updates/20051104/clamav-0.87.1-20051104.src.rpm

A binary RPM for Debian woody (ix86) is available as
security-updates/clamav-0.87.1-20051104.ix86-debian3.0-kolab.rpm

The mirrors are listed on http://kolab.org/mirrors.html

While the mirrors are catching up, you can also get the package via rsync:
# rsync -tzv rsync://rsync.kolab.org/kolab/server/security-updates/20051104/clamav-0.87.1-20051104.src.rpm .


MD5 sums:
474c7e68feeec520fb2b0b95cb084482  clamav-0.87.1-20051104.ix86-debian3.0-kolab.rpm
13be516211e28fd9d861de051a3d0c17  clamav-0.87.1-20051104.src.rpm



This package can be installed on your Kolab Server with

# /kolab/bin/openpkg rpm --rebuild clamav-0.87.1-20051104.src.rpm
# /kolab/bin/openpkg rpm \
  -Uvh /kolab/RPM/PKG/clamav-0.87.1-20051104.<ARCH>-<OS>-kolab.rpm

The installation process will likely leave a freshclam.conf.rpmsave or
clamav.conf.rpmsave in /kolab/etc/clamav/.  Since freshclam.conf and
clamav.conf are generated files, remove the rpmsave files, run kolabconf
and make sure clamav starts.  E.g.

# rm /kolab/etc/clamav/clamav.conf.rpmsave
# /kolab/sbin/kolabconf
# /kolab/etc/rc clamav start

##optional
# /kolab/bin/freshclam


Details
- -------

http://sourceforge.net/project/shownotes.php?release_id=368319
	ClamAV 0.87.1 release notes


Timeline
- --------
    20051103 clamav vendor released combined security and functional update
    20051104 kolab update and security advisory published

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDa7UV0vCiU5+ISsgRAvJrAJsH3Qa65zY4OWyE9XzoqpOPh5v0hwCg99xi
jDaxQoFu/Z1k2o+h/M7RwSk=
=sMaW
-----END PGP SIGNATURE-----
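
Review bot: In the Fixes section the binary RPM is listed as security-updates/clamav-0.87.1-20051104.ix86-debian3.0-kolab.rpm, without the 20051104/ directory that the source RPM path and the rsync URL both use. Please confirm which location is correct and make the two paths consistent before this goes out, because the text is clearsigned and any later correction needs a fresh signature. In the same pass, the cleanup example removes only clamav.conf.rpmsave although the paragraph above it also names freshclam.conf.rpmsave, so the example should cover both files.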