Kolab Security Issue 19 20080218 (clamav)

Thomas Arendsen Hein thomas at intevation.de
Mon Feb 18 18:28:30 CET 2008


Kolab Security Issue 19 20080218
================================

Package:              Kolab Server, ClamAV
Vulnerability:        various
Kolab Specific:       no
Dependent Packages:   none


Summary
~~~~~~~

CVE-2007-6595

    ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink
    attack on (1) temporary files in the cli_gentempfd function in
    libclamav/others.c or on (2) .ascii files in sigtool, when utf16-decode is
    enabled.

CVE-2008-0318

    Integer overflow in libclamav in ClamAV before 0.92.1, as used in clamd,
    allows remote attackers to cause a denial of service and possibly execute
    arbitrary code via a crafted Petite packed PE file, which triggers a
    heap-based buffer overflow.

CVE-2008-0728

    libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact
    and attack vectors that trigger "heap corruption."


Affected Versions
~~~~~~~~~~~~~~~~~

This affects versions of ClamAV up to version 0.92.
Kolab Server 2.1.0 and previous releases of the 2.1 branch are affected.
Kolab Server 2.0.4 and previous releases of the 2.0 branch are affected.
Kolab Server 2.2-rc1 and previous prereleases are affected.


Fix
~~~

Upgrade to ClamAV 0.92.1.

The ClamAV source RPM patched to be compilable with Kolab Server 2.1 and 2.0
is available from the Kolab download mirrors as:
security-updates/20080218/clamav-0.92.1-20080213_kolab.src.rpm

A binary RPM for Kolab Server 2.1.0 (ix86 Debian GNU/Linux Sarge) is available:
security-updates/20080218/clamav-0.92.1-20080213_kolab.ix86-debian3.1-kolab.rpm

All other server versions: Please build from the src.rpm.
For Kolab Server 2.2-rc1 the unmodified OpenPKG rpm can be used:
security-updates/20080218/clamav-0.92.1-20080213.src.rpm


The mirrors are listed on http://kolab.org/mirrors.html
While the mirrors are catching up, you can also get the package via rsync:
# rsync -tvP rsync://rsync.kolab.org/kolab/server/security-updates/20080218/clamav-0.92.1-20080213_kolab.src.rpm .
# rsync -tvP rsync://rsync.kolab.org/kolab/server/security-updates/20080218/clamav-0.92.1-20080213_kolab.ix86-debian3.1-kolab.rpm .
# rsync -tvP rsync://rsync.kolab.org/kolab/server/security-updates/20080218/clamav-0.92.1-20080213.src.rpm .

MD5 sums:
272ecc840ac8c322aa845e70b44917d6  clamav-0.92.1-20080213.src.rpm
1d787aa112cebf1788b1965ae22d5d30  clamav-0.92.1-20080213_kolab.ix86-debian3.1-kolab.rpm
09cb2442abbb333371874d9f60c0e439  clamav-0.92.1-20080213_kolab.src.rpm


The package can be installed on your Kolab Server with

# /kolab/bin/openpkg rpm --rebuild clamav-0.92.1-20080213_kolab.src.rpm
# /kolab/bin/openpkg rpm \
  -Uvh /kolab/RPM/PKG/clamav-0.92.1-20080213_kolab.<ARCH>-<OS>-kolab.rpm
# rm /kolab/etc/clamav/*.rpmsave
# /kolab/bin/openpkg rc clamav stop
# /kolab/bin/openpkg rc clamav start
# su - kolab-r
$ freshclam

For Kolab Server 2.0.4 you have to copy the new /kolab/etc/clamav/clamd.conf
to /kolab/etc/kolab/templates/clamd.conf.template so it will not be
overwritten by kolabconf. Do NOT copy this file with Kolab Server 2.1 or 2.2!


Details
~~~~~~~

http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=575703
	ClamAV 0.92.1 release notes

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6595
	CVE-2007-6595

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0318
	CVE-2008-0318

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0728
	CVE-2008-0728


Timeline
~~~~~~~~
    20080211 ClamAV release 0.92.1.
    20080213 OpenPKG 0.92.1 package release.
    20080218 Kolab Server security advisory published.

-- 
thomas at intevation.de - http://intevation.de/~thomas/ - OpenPGP key: 0x5816791A
Intevation GmbH, Osnabrueck - Register: Amtsgericht Osnabrueck, HR B 18998
Geschaeftsfuehrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/users/attachments/20080218/ff9d10ee/attachment.sig>


More information about the users mailing list