-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kolab Security Issue 16 20070724
================================
Package: Kolab Server, ClamAV
Vulnerability: denial of service
Kolab Specific: no
Dependent Packages: none
Summary
~~~~~~~
CVE-2007-3725

Metaeye Security Group discovered that ClamAV crashes while handling the
standard filters of its RAR VM when it scans a corrupted RAR file (a NULL
pointer dereference, see the SecurityFocus entry under Details). A crafted
RAR attachment in incoming mail is enough to trigger it.

Kolab servers use the clamd daemon for filtering, so a crash of clamd
affects all mail that follows it. Kolab Server 2.0 then passes subsequent
mails through without ClamAV scanning them at all; Kolab Server 2.1 falls
back to the command line clamscan utility, which significantly increases
processing overhead because clamscan loads the full signature database
for every message.
Affected Versions
~~~~~~~~~~~~~~~~~
This affects versions of ClamAV up to version 0.90.3.
Kolab Server 2.1.0 and previous releases of the 2.1 branch
are affected.
Kolab Server 2.0.4 and previous releases of the 2.0 branch
are affected.
Kolab Server 2.2-beta1 is affected.
Fix
~~~
Upgrade to ClamAV 0.91.1.
The ClamAV source RPM is available from the Kolab download mirrors as:
  security-updates/20070724/clamav-0.91.1-20070718_kolab.src.rpm
A binary RPM for Kolab Server 2.1.0 (ix86 Debian GNU/Linux Sarge) is
available:
  security-updates/20070724/clamav-0.91.1-20070718_kolab.ix86-debian3.1-kolab.rpm
All other server versions: Please build from the src.rpm.
The mirrors are listed on http://kolab.org/mirrors.html
While the mirrors are catching up, you can also get the packages via rsync:
# rsync -tvP rsync://rsync.kolab.org/kolab/server/security-updates/20070724/clamav-0.91.1-20070718_kolab.src.rpm .
# rsync -tvP rsync://rsync.kolab.org/kolab/server/security-updates/20070724/clamav-0.91.1-20070718_kolab.ix86-debian3.1-kolab.rpm .
MD5 sums:
4ed62987a0871b0d6ab7520e85fc3a25  clamav-0.91.1-20070718_kolab.src.rpm
aebbcde54deb366b0f7966f4c947b1de  clamav-0.91.1-20070718_kolab.ix86-debian3.1-kolab.rpm
The package can be installed on your Kolab Server with
# /kolab/bin/openpkg rpm --rebuild clamav-0.91.1-20070718_kolab.src.rpm
# /kolab/bin/openpkg rpm -Uvh /kolab/RPM/PKG/clamav-0.91.1-20070718_kolab.<ARCH>-<OS>-kolab.rpm
# rm /kolab/etc/clamav/clamd.conf.rpmsave
# /kolab/bin/openpkg rc clamav restart
# su - kolab-r
$ freshclam
If you use the prebuilt ix86 Debian Sarge binary RPM instead of building
from the src.rpm, skip the --rebuild step and point -Uvh at the downloaded
file. Check the MD5 sums above before installing either package.
For Kolab Server 2.0.4 you also have to copy the new
/kolab/etc/clamav/clamd.conf to /kolab/etc/kolab/templates/clamd.conf.template
so that it will not be overwritten by kolabconf. Do NOT copy this file on
Kolab Server 2.1 or 2.2!
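The install procedure above, as an added example that is not part of this advisory or of Kolab's own tooling: a POSIX sh script that checks the published MD5 sums and refuses to run the advisory's install commands if any file is missing or altered. It assumes the RPMs were already fetched into the current directory with the rsync commands above; the function names and the glob standing in for <ARCH>-<OS> are this example's own. The sums only guard against a corrupted or substituted download; their authenticity rests on the PGP signature on this advisory.

```shell
#!/bin/sh
# Added example, not part of the Kolab advisory or the Kolab project's
# tooling: verify the advisory's published MD5 sums before handing the
# packages to openpkg, then run the advisory's own install sequence.
# Assumptions: the RPMs have been fetched into the current directory,
# md5sum (or openssl as a fallback) is installed, and the function names
# here are this example's own.

# The two sums published in the advisory, in "md5sum -c" layout:
# "<hex>  <filename>", one pair per line.
KOLAB_SUMS='4ed62987a0871b0d6ab7520e85fc3a25  clamav-0.91.1-20070718_kolab.src.rpm
aebbcde54deb366b0f7966f4c947b1de  clamav-0.91.1-20070718_kolab.ix86-debian3.1-kolab.rpm'

# md5_of FILE: print the lowercase hex MD5 of FILE, whichever tool exists.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        # BSD/macOS fallback; openssl prints "MD5(file)= <hex>".
        openssl dgst -md5 "$1" | sed 's/.*= //'
    fi
}

# verify_md5 FILE EXPECTED: 0 if FILE exists and hashes to EXPECTED, else 1.
verify_md5() {
    file=$1
    expected=$2
    if [ ! -f "$file" ]; then
        echo "missing: $file" >&2
        return 1
    fi
    actual=$(md5_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "ok: $file"
        return 0
    fi
    echo "MISMATCH: $file expected $expected got $actual" >&2
    return 1
}

# verify_all SUMS: check every "<hex>  <file>" line; 0 only if all match.
# The here-document keeps the loop in the current shell, so the status
# variable survives (a pipe into "while read" would lose it in a subshell).
verify_all() {
    status=0
    while read -r sum name; do
        [ -n "$sum" ] || continue
        verify_md5 "$name" "$sum" || status=1
    done <<EOF
$1
EOF
    return $status
}

# install_clamav_update: the advisory's install steps, gated on the sums.
# Refuses to touch the system if any file is missing or altered. The glob
# for the rebuilt binary RPM stands in for the advisory's <ARCH>-<OS>.
# The Kolab Server 2.0.4 template copy is deliberately not automated here;
# do it by hand, and only on 2.0.x, as the advisory says.
install_clamav_update() {
    verify_all "$KOLAB_SUMS" || {
        echo "checksum verification failed, not installing" >&2
        return 1
    }
    /kolab/bin/openpkg rpm --rebuild clamav-0.91.1-20070718_kolab.src.rpm &&
    /kolab/bin/openpkg rpm -Uvh /kolab/RPM/PKG/clamav-0.91.1-20070718_kolab.*-kolab.rpm &&
    rm -f /kolab/etc/clamav/clamd.conf.rpmsave &&
    /kolab/bin/openpkg rc clamav restart &&
    su - kolab-r -c freshclam
}

# Run the real installation only when explicitly asked; running without
# arguments (or sourcing the file) just defines the functions.
if [ "${1:-}" = "install" ]; then
    install_clamav_update
fi
```

Saved as, say, verify-and-install.sh, run `sh verify-and-install.sh install` as root in the download directory. Without the argument it only defines the functions, so it can be sourced to check the sums alone with `verify_all "$KOLAB_SUMS"`.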
Details
~~~~~~~
http://sourceforge.net/project/shownotes.php?release_id=522414
  ClamAV 0.91 release notes
http://sourceforge.net/project/shownotes.php?release_id=523634
  ClamAV 0.91.1 release notes
http://www.securityfocus.com/bid/24866
  Multiple Vendors RAR Handling Remote Null Pointer Dereference
  Vulnerability (CVE-2007-3725)
http://www.metaeye.org/advisories/54
  Metaeye Security Group: Advisory and proof of concept file.
Timeline
~~~~~~~~
20070711 ClamAV release 0.91.
20070711 OpenPKG 0.91 package release.
20070716 ClamAV release 0.91.1.
20070718 OpenPKG 0.91.1 package release.
20070724 Kolab Server security advisory published.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFGpd1eW7P1GVgWeRoRAtQ8AJ4i1X2oP3n7uLY2IjOftP3/XEWuVwCgmJeI
2IFz/NljqvK4Xq/6JShCiAQ=
=okQi
-----END PGP SIGNATURE-----
--
thomas intevation.de - http://intevation.de/~thomas/ - OpenPGP key: 0x5816791A
Intevation GmbH, Osnabrueck - Register: Amtsgericht
Osnabrueck, HR B 18998
Geschaeftsfuehrer: Frank Koormann, Bernhard Reiter, Dr.
Jan-Oliver Wagner
_______________________________________________
Kolab-users mailing list
Kolab-users@kolab.org
https://kolab.org/mailman/listinfo/kolab-users