Kolab Security Issue 03 20050921
================================

Package: Kolab Server
Vulnerability: buffer overflow, DOS, remotely exploitable
Kolab Specific: no
Dependent Packages: none

Summary
-------

The Clam AntiVirus package contains a boundary condition error and fails to handle exceptional conditions, which can be exploited remotely.

Affected Versions
-----------------

This affects all servers which have ClamAV 0.86.2 or earlier versions running. Kolab Server 2.0.1 and previous releases of the 2.0 branch are affected.

Fixes
-----

Upgrade to ClamAV 0.87.

A new ClamAV RPM is available from the Kolab download mirrors as

  security-updates/20050921/clamav-0.87-20050916.src.rpm

A binary RPM for Debian woody (ix86) is available as

  security-updates/20050921/clamav-0.87-20050916.ix86-debian3.0-kolab.rpm

The mirrors are listed on http://kolab.org/mirrors.html

While the mirrors are catching up, you can also get the package via rsync:

  # rsync -tzv rsync://rsync.kolab.org/kolab/server/security-updates/20050921/clamav-0.87-20050916.src.rpm .

This package can be installed on your Kolab Server with

  # /kolab/bin/openpkg rpm --rebuild clamav-0.87-20050916.src.rpm
  # /kolab/bin/openpkg rpm \
      -Uvh /kolab/RPM/PKG/clamav-0.87-20050916.--kolab.rpm

A new /kolab/etc/clamav/clamav.conf will probably be written; remove the clamav.conf.rpmsave file, run kolabconf and make sure clamav starts:

  # rm /kolab/etc/clamav/clamav.conf
  # /kolab/sbin/kolabconf
  # /kolab/etc/rc clamav start

  ## optional
  # /kolab/bin/freshclam

Details
-------

http://www.securityfocus.com/bid/14866
  ClamAV UPX Compressed Executable Buffer Overflow Vulnerability

http://www.securityfocus.com/bid/14867
  ClamAV FSG Compressed Executable Infinite Loop DOS Vulnerability

Timeline
--------

20050916  clamav vendor released combined security and functional update
20050921  kolab update and security advisory published
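As an added example (not part of the Kolab advisory), a POSIX shell script that runs the upgrade steps above only when the installed ClamAV is 0.86.2 or earlier and re-checks the version afterwards. It assumes clamscan is at /kolab/bin/clamscan and prints "ClamAV <version>/..." for --version, and it globs the platform part of the binary RPM name, which the advisory leaves unspecified.

```shell
#!/bin/sh
# Added example, not from the Kolab advisory: run the advisory's update steps
# only when the installed ClamAV is 0.86.2 or earlier, then re-check the
# version. Assumed: /kolab/bin/clamscan --version prints "ClamAV <ver>/...".
set -u
FIXED_VERSION="0.87"
CLAMSCAN="${CLAMSCAN:-/kolab/bin/clamscan}"

# version_lt A B: succeed when dotted version A is numerically older than B
# (0.86.2 < 0.87, 0.86.10 > 0.86.2; missing components count as 0).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1   # equal versions are not older
    }'
}

# clamav_affected VERSION: succeed for every release the advisory covers.
clamav_affected() { version_lt "$1" "$FIXED_VERSION"; }
# parse_clamav_version LINE: "ClamAV 0.86.2/1097/..." -> "0.86.2" (or empty).
parse_clamav_version() {
    printf '%s\n' "$1" | sed -n 's/^ClamAV \([0-9][0-9.]*\).*/\1/p'
}

# The advisory's own steps, in order; the platform part of the binary RPM
# name is globbed (assumption) because the advisory does not spell it out.
apply_kolab_update() {
    /kolab/bin/openpkg rpm --rebuild clamav-0.87-20050916.src.rpm
    /kolab/bin/openpkg rpm -Uvh /kolab/RPM/PKG/clamav-0.87-20050916.*-kolab.rpm
    rm -f /kolab/etc/clamav/clamav.conf
    /kolab/sbin/kolabconf
    /kolab/etc/rc clamav start
}
main() {
    v=$(parse_clamav_version "$("$CLAMSCAN" --version 2>/dev/null || true)")
    [ -n "$v" ] || { echo "cannot read ClamAV version" >&2; return 2; }
    clamav_affected "$v" || { echo "ClamAV $v not affected"; return 0; }
    echo "ClamAV $v is affected (BID 14866/14867), updating"
    apply_kolab_update
    v=$(parse_clamav_version "$("$CLAMSCAN" --version 2>/dev/null || true)")
    if clamav_affected "${v:-0}"; then echo "still ${v:-unknown} after update" >&2; return 1; fi
}
if [ "${1:-}" = "--run" ]; then main; fi
```

Invoke it as `sh check-clamav.sh --run` on the Kolab server; without `--run` it only defines the functions.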