LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page ClamAV users - if you are running < 0.95 it will be disabled next week
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-09-2010, 02:49 AM   #1
spampig
Member
 
Registered: Feb 2010
Location: /Earth/UK/England/Hampshire
Distribution: Debian, Ubuntu, CentOS, Slackware
Posts: 262
Blog Entries: 2

Rep: Reputation: 56
Exclamation ClamAV users - if you are running < 0.95 it will be disabled next week

http://lurker.clamav.net/message/201...7c287b.en.html

Quote:
Dear ClamAV users,

this is a reminder that starting from 15 April 2010 our CVD will contain
a special signature which disables all clamd installations older than
0.95 - that is to say older than 1 year.

We would like to keep on supporting all old versions of our engine, but
unfortunately this is no longer possible without causing a disservice to
people running a recent release of ClamAV.

For more information please refer to the original announcement:

http://lists.clamav.net/lurker/messa...7bbd20.en.html

Regards,
HTH anyone who is using an older engine to avoid the carnage of not updating next week :-)
 
Old 04-09-2010, 02:57 AM   #2
spampig
Member
 
Registered: Feb 2010
Location: /Earth/UK/England/Hampshire
Distribution: Debian, Ubuntu, CentOS, Slackware
Posts: 262

Original Poster
Blog Entries: 2

Rep: Reputation: 56
Just adding to that - there is a S/A out on Clam for Ubuntu users:

Quote:
===========================================================
Ubuntu Security Notice USN-926-1 April 08, 2010
clamav vulnerabilities
CVE-2010-0098
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
libclamav6 0.95.3+dfsg-1ubuntu0.09.04~intrepid3

Ubuntu 9.04:
libclamav6 0.95.3+dfsg-1ubuntu0.09.04.1

Ubuntu 9.10:
libclamav6 0.95.3+dfsg-1ubuntu0.09.10.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that ClamAV did not properly verify its input when
processing CAB files. A remote attacker could send a specially crafted
CAB file to evade malware detection. (CVE-2010-0098)

It was discovered that ClamAV did not properly verify its input when
processing CAB files. A remote attacker could send a specially crafted
CAB file and cause a denial of service via application crash.
 
Old 04-09-2010, 08:35 AM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Thanks, I'll sticky this for a while to help get the word out.
 
Old 04-14-2010, 11:44 PM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Well, EOL should have been reached by now, so I'm unstickying this.
 
Old 04-16-2010, 05:46 AM   #5
Fredde87
Member
 
Registered: Aug 2005
Posts: 158

Rep: Reputation: 30
This came as a nice nasty surprise today! I am not too angry at Clam, I am more upset at Debian for not moving 0.95 into the stable repository before this date!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
is suid disabled from running all scripts or just from running them as root monsteriname Programming 2 09-05-2009 02:57 AM
Why clamav is running by itself ? frenchn00b Linux - General 2 04-16-2008 01:06 PM
Running Mailscanner with sendmail, spamassassin and ClamAV the_gripmaster Linux - Software 0 07-19-2007 10:05 AM
LXer: Open Letter: How the FOSS Community May Help Disabled Users LXer Syndicated Linux News 0 04-22-2006 06:21 PM
clamav users: virusdbase update help ic_torres Linux - Software 2 01-15-2006 11:07 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:21 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration