-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kolab Security Issue 02 20050727
================================

Package: Kolab Server
Vulnerability: buffer overflow, remotely exploitable
Kolab Specific: no
Dependent Packages: none

Summary
- -------

The Clam AntiVirus package contains several buffer overflows that can be
exploited remotely.

Affected Versions
- -----------------

This affects all servers which have ClamAV 0.86.1 or earlier versions
running. Kolab Server 2.0 and previous releases of the 2.0 branch are
affected.

Fixes
- -----

Upgrade to ClamAV 0.86.2.

A new ClamAV RPM is available from the Kolab download mirrors as the file

  security-updates/20050727/clamav-0.86.2-20050726.src.rpm

The mirrors are listed on http://kolab.org/mirrors.html

While the mirrors are catching up, you can also get the package via rsync:

# rsync -tzv rsync://rsync.kolab.org/kolab/server/security-updates/20050727/clamav-0.86.2-20050726.src.rpm .

This package can be installed on your Kolab Server with

# /kolab/bin/openpkg rpm --rebuild clamav-0.86.2-20050726.src.rpm
# /kolab/bin/openpkg rpm \
    -Uvh /kolab/RPM/PKG/clamav-0.86.2-20050726.--kolab.rpm
##optional
# /kolab/bin/freshclam

Details
- -------

http://www.securityfocus.com/bid/14359

The vulnerabilities present themselves when the ClamAV antivirus library
handles malformed files. Details of the vulnerability can be found in
http://www.rem0te.com/public/images/clamav.pdf

At least 4 of its file format processors contain remote security bugs.
Specifically, during the processing of TNEF, CHM, & FSG formats an
attacker is able to trigger several integer overflows. These
vulnerabilities can be reached by default and triggered without user
interaction by sending an e-mail containing crafted data.

Timeline
- --------

20050725 clamav vulnerability published by rem0te
20050727 kolab update and security advisory published

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFC55W50vCiU5+ISsgRAuRRAJwPMHzzXu0FwB9GeEv6kq3WOBqvdwCeLKot
d85iJsTD7wjyY+ebkIzklQk=
=NPAR
-----END PGP SIGNATURE-----
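The "Affected Versions" and "Fixes" sections above define the affected range as ClamAV 0.86.1 or earlier and the fixed release as 0.86.2. The following POSIX sh script is an added example, not part of the Kolab advisory, that lets an administrator classify a server before and after applying the update: it compares dotted version strings field by field and reads the version out of a `clamscan --version` style banner. The banner format (`ClamAV <version>/<sigs>/<date>`) and the binary location `/kolab/bin/clamscan` are assumptions for illustration; the sample banners in the script are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the Kolab advisory): decide whether an installed
# ClamAV falls in the affected range (0.86.1 or earlier) named by the advisory.

FIXED_VERSION=0.86.2   # first fixed release per the advisory

# Compare two dotted numeric version strings field by field.
# Prints "lt", "eq" or "gt" describing $1 relative to $2.
# Missing trailing fields count as 0, so "0.86" < "0.86.2".
vercmp() {
    _a=$1 _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _ai=${_a%%.*}; _bi=${_b%%.*}
        [ -n "$_ai" ] || _ai=0
        [ -n "$_bi" ] || _bi=0
        if [ "$_ai" -lt "$_bi" ]; then echo lt; return 0; fi
        if [ "$_ai" -gt "$_bi" ]; then echo gt; return 0; fi
        # drop the leading field; empty the string once no dot remains
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
    done
    echo eq
}

# Return 0 (true) when the given ClamAV version is older than the fixed
# release, i.e. affected per the advisory; 1 otherwise.
clamav_affected() {
    case $(vercmp "$1" "$FIXED_VERSION") in
        lt) return 0 ;;
        *)  return 1 ;;
    esac
}

# Pull the version number out of a banner line such as
# "ClamAV 0.86.1/993/Tue Jul 26 14:00:00 2005" (assumed format).
# Prints nothing when the line does not look like a ClamAV banner.
clamav_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^ClamAV \([0-9][0-9.]*\).*$/\1/p'
}

# Classify a banner line: prints AFFECTED (...), FIXED (...) or UNKNOWN.
classify_banner() {
    _v=$(clamav_version_from_banner "$1")
    if [ -z "$_v" ]; then echo UNKNOWN; return 2; fi
    if clamav_affected "$_v"; then
        echo "AFFECTED ($_v < $FIXED_VERSION)"
    else
        echo "FIXED ($_v)"
    fi
}

if [ "${1:-}" = "--check" ]; then
    # Live check: assumed binary location on a Kolab server, with the
    # system-wide clamscan as a fallback.
    _banner=$( /kolab/bin/clamscan --version 2>/dev/null \
               || clamscan --version 2>/dev/null )
    classify_banner "$_banner"
else
    # Offline demonstration on constructed banner lines.
    for _line in "ClamAV 0.86.1/993/Tue Jul 26 14:00:00 2005" \
                 "ClamAV 0.86.2/994/Wed Jul 27 09:00:00 2005" \
                 "ClamAV 0.85.1/900/Fri Jul  1 08:00:00 2005"; do
        printf '%-48s %s\n' "$_line" "$(classify_banner "$_line")"
    done
fi
```

Run with `--check` on the server itself to inspect the installed binary; run without arguments to see the classification of the constructed sample banners. Note that the version comparison is purely numeric, so it will not understand suffixes such as release candidates; it is sufficient for the 0.86.x line the advisory covers.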