-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kolab Security Issue 05 20051020
================================

Package:              clamav
Vulnerability:        buffer overflow, DOS, remotely exploitable
Kolab Specific:       yes
Dependent Packages:   none

Summary
- -------

Thorsten Schnebeck informed us on the kolab-users mailing list that the
obmtool.conf file distributed with Kolab Security Issue 04 20051014 may
cause a downgrade of clamav to a vulnerable version.

Affected Versions
- -----------------

ClamAV-0.86.2 or earlier are affected.

You can check the installed version with:

    /kolab/bin/openpkg rpm -q clamav

Fixes
- -----

Upgrade to ClamAV 0.87 again by following the instructions from
Kolab Security Issue 03 20050921, included here for convenience:

A new ClamAV RPM is available from the Kolab download mirrors as

    security-updates/20050921/clamav-0.87-20050916.src.rpm

A binary RPM for Debian woody (ix86) is available as

    security-updates/20050921/clamav-0.87-20050916.ix86-debian3.0-kolab.rpm

The mirrors are listed on http://kolab.org/mirrors.html

Details
- -------

http://kolab.org/security/kolab-vendor-notice-03.txt
    Kolab Security Issue 03 20050921

http://kolab.org/security/kolab-vendor-notice-04.txt
    Kolab Security Issue 04 20051014

http://kolab.org/pipermail/kolab-users/2005-October/003582.html
    Thorsten Schnebeck published the problem on kolab-users

Timeline
- --------

20051014  Kolab Security Issue 04 published with incorrect obmtool.conf
20051020  Problem published on kolab-users mailing list
20051020  Problem confirmed and updated security advisory published
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDV8XDW7P1GVgWeRoRAprBAJ9dPi5lrXnOOawDv87dO4Cj6HWShQCffJAH
qz0Y+tXVu7KqTfhPstdTc6I=
=Pth1
-----END PGP SIGNATURE-----
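
A scripted form of the version check from "Affected Versions", as an added example that is not part of the original advisory. It assumes the query prints `<name>-<version>-<release>` (as in the RPM file names under "Fixes") and treats any dotted numeric version below 0.87 as affected; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the Kolab advisory: classify the output of
#   /kolab/bin/openpkg rpm -q clamav
# Assumption: output looks like clamav-0.87-20050916 (name-version-release).

FIXED_VERSION="0.87"   # version the advisory says to upgrade to

# version_lt A B: succeed if dotted numeric version A is lower than B.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}          # leading field of each version
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}            # a missing field counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                            # equal versions are not "lower"
}

# clamav_status QUERY_OUTPUT: print "vulnerable", "fixed" or "unknown".
clamav_status() {
    pkg=$1
    case $pkg in
        clamav-*-*) ;;
        *) echo unknown; return 0 ;;    # e.g. "package clamav is not installed"
    esac
    ver=${pkg#clamav-}                  # drop the package name
    ver=${ver%%-*}                      # drop the release field
    case $ver in                        # refuse anything not purely N.N[.N]
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo vulnerable                 # 0.86.2 or earlier, per the advisory
    else
        echo fixed
    fi
}

# Query the live system only where the Kolab OpenPKG tool exists.
if [ -x /kolab/bin/openpkg ]; then
    clamav_status "$(/kolab/bin/openpkg rpm -q clamav 2>/dev/null)"
fi
```

Re-running the check after any later obmtool run shows whether an obmtool.conf has downgraded the package again.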