Security Advisory 05 for Kolab Server
Thomas Arendsen Hein
thomas at intevation.de
Thu Oct 20 18:34:56 CEST 2005
Kolab Security Issue 05 20051020
================================
Package: clamav
Vulnerability: buffer overflow, DOS, remotely exploitable
Kolab Specific: yes
Dependent Packages: none
Summary
-------
Thorsten Schnebeck informed us on the kolab-users mailing list that the
obmtool.conf file distributed with Kolab Security Issue 04 20051014 may
cause a downgrade of clamav to a vulnerable version.
Affected Versions
-----------------
ClamAV 0.86.2 and earlier are affected.
You can check the installed version with:
    /kolab/bin/openpkg rpm -q clamav
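A way to script that check, added here as an example and not part of the original advisory: it parses one line of `openpkg rpm -q clamav` output and flags 0.86.2 or earlier. The function names and the sample release suffix `20050725` are assumptions made for the example.

```shell
#!/bin/sh
# Added example: classify `/kolab/bin/openpkg rpm -q clamav` output.

# "clamav-0.87-20050916" -> "0.87"; prints nothing if the line does not parse.
clamav_version() {
    printf '%s\n' "$1" | sed -n 's/^clamav-\([0-9][0-9.]*\)-[^-]*$/\1/p'
}

# Succeed if dotted numeric version $1 is lower than or equal to $2.
version_le() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 0
}

# Print vulnerable / ok / unknown for one line of rpm -q output.
clamav_status() {
    v=$(clamav_version "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_le "$v" 0.86.2; then
        echo vulnerable
    else
        echo ok
    fi
}

# Constructed sample lines (the 20050725 release suffix is made up).
for line in 'clamav-0.86.2-20050725' 'clamav-0.87-20050916' \
            'package clamav is not installed'; do
    printf '%-34s %s\n' "$line" "$(clamav_status "$line")"
done

# On a Kolab server, check the live package database as well.
if [ -x /kolab/bin/openpkg ]; then
    clamav_status "$(/kolab/bin/openpkg rpm -q clamav 2>&1)"
fi
```

Running it again after every obmtool run catches a repeat of the downgrade described in the Summary.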
Fixes
-----
Upgrade to ClamAV 0.87 again by following the instructions from
Kolab Security Issue 03 20050921, included here for convenience:
A new ClamAV RPM is available from the Kolab download mirrors as
    security-updates/20050921/clamav-0.87-20050916.src.rpm
A binary RPM for Debian woody (ix86) is available as
    security-updates/20050921/clamav-0.87-20050916.ix86-debian3.0-kolab.rpm
The mirrors are listed on http://kolab.org/mirrors.html
Details
-------
http://kolab.org/security/kolab-vendor-notice-03.txt
Kolab Security Issue 03 20050921
http://kolab.org/security/kolab-vendor-notice-04.txt
Kolab Security Issue 04 20051014
http://kolab.org/pipermail/kolab-users/2005-October/003582.html
Thorsten Schnebeck published the problem on kolab-users
Timeline
--------
20051014 Kolab Security Issue 04 published with incorrect obmtool.conf
20051020 Problem published on kolab-users mailing list
20051020 Problem confirmed and updated security advisory published
--
Email: thomas at intevation.de
http://intevation.de/~thomas/