List: kolab-announce
Subject: [Kolab-announce] Security Advisory 06 for Kolab Server
From: Bernhard Herzog <bh () intevation ! de>
Date: 2005-11-04 19:35:25
Message-ID: 200511042035.29582.bh () intevation ! de
Kolab Security Issue 06 20051104
================================
Package: Kolab Server
Vulnerability: buffer overflow, DOS, remotely exploitable
Kolab Specific: no
Dependent Packages: none
Summary
-------
The Clam AntiVirus package contains a boundary condition error and fails
to handle exceptional conditions, which can be exploited remotely.
Affected Versions
-----------------
This affects all servers which have ClamAV 0.87 or earlier versions running.
Kolab Server 2.0.1 and previous releases of the 2.0 branch are affected.
Fixes
-----
Upgrade to ClamAV 0.87.1
A new ClamAV RPM is available from the Kolab download mirrors as
security-updates/20051104/clamav-0.87.1-20051104.src.rpm
A binary RPM for Debian woody (ix86) is available as
security-updates/clamav-0.87.1-20051104.ix86-debian3.0-kolab.rpm
The mirrors are listed on http://kolab.org/mirrors.html
While the mirrors are catching up, you can also get the package via rsync:
# rsync -tzv rsync://rsync.kolab.org/kolab/server/security-updates/20051104/clamav-0.87.1-20051104.src.rpm \
.
MD5 sums:
474c7e68feeec520fb2b0b95cb084482 clamav-0.87.1-20051104.ix86-debian3.0-kolab.rpm
13be516211e28fd9d861de051a3d0c17 clamav-0.87.1-20051104.src.rpm
This package can be installed on your Kolab Server with
# /kolab/bin/openpkg rpm --rebuild clamav-0.87.1-20051104.src.rpm
# /kolab/bin/openpkg rpm \
-Uvh /kolab/RPM/PKG/clamav-0.87.1-20051104.<ARCH>-<OS>-kolab.rpm
The installation process will likely leave a freshclam.conf.rpmsave or
clamav.conf.rpmsave in /kolab/etc/clamav/. Since freshclam.conf and
clamav.conf are generated files, remove the rpmsave files, run kolabconf
and make sure clamav starts. E.g.
# rm /kolab/etc/clamav/clamav.conf.rpmsave
# /kolab/sbin/kolabconf
# /kolab/etc/rc clamav start
##optional
# /kolab/bin/freshclam
Details
-------
http://sourceforge.net/project/shownotes.php?release_id=368319
ClamAV 0.87.1 release notes
Timeline
--------
20051103 clamav vendor released combined security and functional update
20051104 kolab update and security advisory published
[Attachment #3 (application/pgp-signature)]
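The MD5 sums listed in the advisory can be checked before the rebuild step. The script below is an added example, not part of the original advisory or of Kolab: the function name verify_pkg and the script name verify.sh are hypothetical, and it assumes a system with coreutils md5sum and awk. It catches a truncated or altered download from a mirror.

```shell
#!/bin/sh
# Added example (not from the advisory): verify downloaded Kolab packages
# against the MD5 sums published in the advisory before rebuilding them.

# Sums copied from the advisory text, one "<md5>  <filename>" pair per line.
ADVISORY_SUMS='474c7e68feeec520fb2b0b95cb084482  clamav-0.87.1-20051104.ix86-debian3.0-kolab.rpm
13be516211e28fd9d861de051a3d0c17  clamav-0.87.1-20051104.src.rpm'

# verify_pkg SUMS FILE   (hypothetical helper name)
# Returns 0 only if FILE exists, its base name is listed in SUMS, and its
# MD5 matches. Returns 1 on a mismatch, 2 if the file is missing or unlisted.
verify_pkg() {
    sums=$1
    file=$2
    name=$(basename "$file")
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # Exact match on the filename field, never a substring match, so that
    # "foo.src.rpm.bak" cannot borrow the sum of "foo.src.rpm".
    expected=$(printf '%s\n' "$sums" | awk -v n="$name" '$2 == n { print $1; exit }')
    [ -n "$expected" ] || { echo "not listed in advisory: $name" >&2; return 2; }
    # Hash from stdin so the filename never appears in md5sum's output.
    actual=$(md5sum < "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name (expected $expected, got $actual)" >&2
    return 1
}

# When run with file arguments, stop at the first package that fails, e.g.
#   sh verify.sh clamav-0.87.1-20051104.src.rpm && \
#       /kolab/bin/openpkg rpm --rebuild clamav-0.87.1-20051104.src.rpm
if [ $# -gt 0 ]; then
    for f in "$@"; do
        verify_pkg "$ADVISORY_SUMS" "$f" || exit 1
    done
fi
```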