Clam Anti-Virus ClamAV TNEF File Handling Denial Of Service Vulnerability

Clam Anti-Virus ClamAV TNEF File Handling Denial Of Service Vulnerability

Solution:
Gentoo has released advisory GLSA 200511-04 to address this issue. Gentoo updates may be applied by running the following commands as the superuser:

emerge --sync
emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.87.1"

Debian GNU/Linux has released advisory DSA 887-1 to address this, and other issues in ClamAV. Please see the referenced advisory for further information.

Mandriva Linux has released security advisory MDKSA-2005:205 with fixes addressing this and other issues. Users are advised to see the referenced advisory for details on obtaining and applying the appropriate updates.

Conectiva Linux has released security advisory CLSA-2005:1044 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

The vendor has released version 0.87.1 of ClamAV to address this issue:

Clam Anti-Virus ClamAV 0.51

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.52

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.53

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.54

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.60

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.65

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.67

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.68

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.68 -1

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.70

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.75.1

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Mandriva clamav-0.87.1-0.1.101mdk.i586.rpm
Mandriva Linux 10.1:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamav-0.87.1-0.1.101mdk.x86_64.rpm
Mandriva Linux 10.1/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamav-db-0.87.1-0.1.101mdk.i586.rpm
Mandriva Linux 10.1:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamav-db-0.87.1-0.1.101mdk.x86_64.rpm
Mandriva Linux 10.1/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamav-milter-0.87.1-0.1.101mdk.i586.rpm
Mandriva Linux 10.1:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamav-milter-0.87.1-0.1.101mdk.x86_64.rpm
Mandriva Linux 10.1/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamd-0.87.1-0.1.101mdk.i586.rpm
Mandriva Linux 10.1:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamd-0.87.1-0.1.101mdk.x86_64.rpm
Mandriva Linux 10.1/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3

Clam Anti-Virus ClamAV 0.80 rc4

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.80

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.80 rc3

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.80 rc1

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.80 rc2

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.81

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.82

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.83

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Mandriva clamav-0.87.1-0.1.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamav-0.87.1-0.1.102mdk.x86_64.rpm
Mandriva Linux 10.2/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamav-db-0.87.1-0.1.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamav-db-0.87.1-0.1.102mdk.x86_64.rpm
Mandriva Linux 10.2/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamav-milter-0.87.1-0.1.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamav-milter-0.87.1-0.1.102mdk.x86_64.rpm
Mandriva Linux 10.2/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamd-0.87.1-0.1.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamd-0.87.1-0.1.102mdk.x86_64.rpm
Mandriva Linux 10.2/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3

Clam Anti-Virus ClamAV 0.84

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Debian clamav-base_0.84-2.sarge.6_all.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84 -2.sarge.6_all.deb

Debian clamav-daemon_0.84-2.sarge.6_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_alpha.deb

Debian clamav-daemon_0.84-2.sarge.6_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_arm.deb

Debian clamav-daemon_0.84-2.sarge.6_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_hppa.deb

Debian clamav-daemon_0.84-2.sarge.6_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_i386.deb

Debian clamav-daemon_0.84-2.sarge.6_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_ia64.deb

Debian clamav-daemon_0.84-2.sarge.6_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_m68k.deb

Debian clamav-daemon_0.84-2.sarge.6_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_mips.deb

Debian clamav-daemon_0.84-2.sarge.6_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_mipsel.deb

Debian clamav-daemon_0.84-2.sarge.6_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_powerpc.deb

Debian clamav-daemon_0.84-2.sarge.6_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_s390.deb

Debian clamav-daemon_0.84-2.sarge.6_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0. 84-2.sarge.6_sparc.deb

Debian clamav-freshclam_0.84-2.sarge.6_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_alpha.deb

Debian clamav-freshclam_0.84-2.sarge.6_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_amd64.deb

Debian clamav-freshclam_0.84-2.sarge.6_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_arm.deb

Debian clamav-freshclam_0.84-2.sarge.6_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_hppa.deb

Debian clamav-freshclam_0.84-2.sarge.6_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_i386.deb

Debian clamav-freshclam_0.84-2.sarge.6_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_ia64.deb

Debian clamav-freshclam_0.84-2.sarge.6_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_m68k.deb

Debian clamav-freshclam_0.84-2.sarge.6_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_mips.deb

Debian clamav-freshclam_0.84-2.sarge.6_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_mipsel.deb

Debian clamav-freshclam_0.84-2.sarge.6_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_powerpc.deb

Debian clamav-freshclam_0.84-2.sarge.6_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_s390.deb

Debian clamav-freshclam_0.84-2.sarge.6_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam _0.84-2.sarge.6_sparc.deb

Debian clamav-milter_0.84-2.sarge.6_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_amd64.deb

Debian clamav-milter_0.84-2.sarge.6_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_arm.deb

Debian clamav-milter_0.84-2.sarge.6_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_hppa.deb

Debian clamav-milter_0.84-2.sarge.6_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_i386.deb

Debian clamav-milter_0.84-2.sarge.6_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_ia64.deb

Debian clamav-milter_0.84-2.sarge.6_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_m68k.deb

Debian clamav-milter_0.84-2.sarge.6_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_mips.deb

Debian clamav-milter_0.84-2.sarge.6_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_mipsel.deb

Debian clamav-milter_0.84-2.sarge.6_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_powerpc.deb

Debian clamav-milter_0.84-2.sarge.6_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_s390.deb

Debian clamav-milter_0.84-2.sarge.6_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_sparc.deb

Debian clamav_0.84-2.sarge.6_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_alpha.deb

Debian clamav_0.84-2.sarge.6_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_amd64.deb

Debian clamav_0.84-2.sarge.6_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_arm.deb

Debian clamav_0.84-2.sarge.6_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_hppa.deb

Debian clamav_0.84-2.sarge.6_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_i386.deb

Debian clamav_0.84-2.sarge.6_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_ia64.deb

Debian clamav_0.84-2.sarge.6_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_m68k.deb

Debian clamav_0.84-2.sarge.6_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_mips.deb

Debian clamav_0.84-2.sarge.6_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_mipsel.deb

Debian clamav_0.84-2.sarge.6_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_powerpc.deb

Debian clamav_0.84-2.sarge.6_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_s390.deb

Debian clamav_0.84-2.sarge.6_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sa rge.6_sparc.deb

Clam Anti-Virus ClamAV 0.84 rc1

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.84 rc2

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Debian clamav-docs_0.84-2.sarge.6_all.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84 -2.sarge.6_all.deb

Debian clamav-milter_0.84-2.sarge.6_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0. 84-2.sarge.6_alpha.deb

Debian clamav-testfiles_0.84-2.sarge.6_all.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles _0.84-2.sarge.6_all.deb

Clam Anti-Virus ClamAV 0.85

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.85.1

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Conectiva clamav-0.87.1-70136U10_12cl.i386.rpm
Conectiva 10.0
ftp://atualizacoes.conectiva.com.br/10/RPMS/clamav-0.87.1-70136U10_12c l.i386.rpm

Conectiva clamav-database-0.87.1.20050625-70136U10_12cl.i386.rpm
Conectiva 10.0
ftp://atualizacoes.conectiva.com.br/10/RPMS/clamav-database-0.87.1.200 50625-70136U10_12cl.i386.rpm

Conectiva libclamav-devel-0.87.1-70136U10_12cl.i386.rpm
Conectiva 10.0
ftp://atualizacoes.conectiva.com.br/10/RPMS/libclamav-devel-0.87.1-701 36U10_12cl.i386.rpm

Conectiva libclamav-devel-static-0.87.1-70136U10_12cl.i386.rpm
Conectiva 10.0
ftp://atualizacoes.conectiva.com.br/10/RPMS/libclamav-devel-static-0.8 7.1-70136U10_12cl.i386.rpm

Conectiva libclamav1-0.87.1-70136U10_12cl.i386.rpm
Conectiva 10.0
ftp://atualizacoes.conectiva.com.br/10/RPMS/libclamav1-0.87.1-70136U10 _12cl.i386.rpm

Clam Anti-Virus ClamAV 0.86 .1

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.86

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.86.2

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Clam Anti-Virus ClamAV 0.87

Clam Anti-Virus clamav-0.87.1.tar.gz
http://prdownloads.sourceforge.net/clamav/clamav-0.87.1.tar.gz?downloa d

Mandriva clamav-0.87.1-0.1.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamav-0.87.1-0.1.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamav-db-0.87.1-0.1.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamav-db-0.87.1-0.1.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamav-milter-0.87.1-0.1.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamav-milter-0.87.1-0.1.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamd-0.87.1-0.1.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www1.mandrivalinux.com/en/ftp.php3

Mandriva clamd-0.87.1-0.1.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3