Bug#578003: dependancy on libclamav5 disables AV scanning

2010-04-15 Thread Jim Thomas 
Package: dansguardian
Version: 2.9.9.4-1+lenny1+b1
Severity: important

When using clamav as the AV content filter, dansguardin fails to start.

Dansguardian depends on libclamav5, which is v0.94 on lenny.
Security support for this has been discontinued.
  http://lists.debian.org/debian-security-announce/2009/msg00228.html

Programs depending on clamav v0.94 have stopped working since 15 April.
  http://lists.clamav.net/lurker/message/20091006.143601.d27bbd20.en.html

dansguardian needs to depend on libclamav6 which is v0.95
and available in volatile.

This has been fixed in a later version, bug 524688, but is not in lenny.

See also http://lists.debian.org/debian-release/2010/04/msg00110.html

Starting dansguardian now with clamav as the AV content filter:

  # /etc/init.d/dansguardian restart
  Restarting DansGuardian: Restarting DansGuardian: :LibClamAV Warning: 
***
  LibClamAV Warning: ***  This version of the ClamAV engine is outdated. ***
  LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
  LibClamAV Warning: ***
  LibClamAV Error: cli_hex2str(): Malformed hexstring: This ClamAV version has 
reached End of Life! Please upgrade to version 0.95 or later. For more 
information see  www.clamav.net/eol-clamav-094 and www.clamav.net/download 
(length: 169)
  LibClamAV Error: Problem parsing database at line 742
  LibClamAV Error: Can't load daily.ndb: Malformed database
  LibClamAV Error: cli_tgzload: Can't load daily.ndb
  LibClamAV Error: Can't load /var/lib/clamav//daily.cld: Malformed database
  Error loading clamav db: Malformed database
  Content scanner plugin init returned error value: -1
  Error loading CS plugins
  Error parsing the dansguardian.conf file or other DansGuardian configuration 
files
   failed!

Disabling the av content filter allows dansguardian to start.

Regards, Jim

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ISO-8859-1) (ignored: LC_ALL set to en_AU)
Shell: /bin/sh linked to /bin/bash

Versions of packages dansguardian depends on:
ii  adduser  3.110   add and remove users and groups
ii  clamav   0.95.3+dfsg-1~volatile1 anti-virus utility for Unix - comm
ii  libbz2-1.0   1.0.5-1 high-quality block-sorting file co
ii  libc62.7-18lenny2GNU C Library: Shared libraries
ii  libclamav5   0.94.dfsg.2-1lenny2 anti-virus utility for Unix - libr
ii  libgcc1  1:4.3.2-1.1 GCC support library
ii  libgmp3c22:4.2.2+dfsg-3  Multiprecision arithmetic library
ii  libpcre3 7.6-2.1 Perl 5 Compatible Regular Expressi
ii  libstdc++6   4.3.2-1.1   The GNU Standard C++ Library v3
ii  perl 5.10.0-19lenny2 Larry Wall's Practical Extraction 
ii  zlib1g   1:1.2.3.3.dfsg-12   compression library - runtime

dansguardian recommends no packages.

Versions of packages dansguardian suggests:
ii  clamav-freshclam 0.95.3+dfsg-1~volatile1 anti-virus utility for Unix - viru
ii  squid2.7.STABLE3-4.1lenny1   Internet object cache (WWW proxy c

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#574182: apache-overflows.conf filter does not catch an exploit attempt

2010-03-16 Thread Jim Thomas 
Package: fail2ban
Version: 0.8.3-2sid1
Severity: normal

I have been getting entries like these in /var/log/apache2/error.log:

[Tue Mar 16 15:39:29 2010] [error] [client 58.179.109.179] Invalid URI in 
request \xf9h\xa9\xf3\x88\x8cXKj 
\xbf-l*4\x87n\xe4\xfe\xd4\x1d\x06\x8c\xf8m\\rS\xf6n\xeb\x8
[Mon Mar 15 15:44:47 2010] [error] [client 121.222.2.133] Invalid URI in 
request 
n\xed*\xbe*\xab\xefd\x80\xb5\xae\xf6\x01\x10M?\xf2\xce\x13\x9c\xd7\xa0N\xa7\xdb%0\xde\xe0\xfc\xd2\xa0\xfe\xe9w\xee\xc4`v\x9b[{\x0c:\xcb\x93\xc6\xa0\x93\x9c`l\\\x8d\xc9

They would be caught if filter.d/apache-overflows.conf was altered, e.g.:

--- apache-overflows.conf   2010-03-17 09:01:48.0 +1100
+++ apache-overflows.conf.new   2010-03-17 09:02:36.0 +1100
@@ -11,7 +11,7 @@
 # Notes.:  Regexp to catch Apache overflow attempts.
 # Values:  TEXT
 #
-failregex = [[]client []] (Invalid method in request|request failed: URI 
too long|erroneous characters after protocol string)
+failregex = [[]client []] (Invalid (method|URI) in request|request 
failed: URI too long|erroneous characters after protocol string)
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.


I'm not sure if this would lead to false positives, but this attack is active.

Entries that do not have shellcode in them:
[Mon Jan 11 03:52:47 2010] [error] [client 219.80.23.234] Invalid URI in 
request GET HTTP/1.1 HTTP/1.1
[Mon Feb 15 00:21:11 2010] [error] [client 113.240.255.158] Invalid URI in 
request GET  HTTP/1.1

Regards, Jim

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ISO-8859-1) (ignored: LC_ALL set to en_AU)
Shell: /bin/sh linked to /bin/bash

Versions of packages fail2ban depends on:
ii  lsb-base  3.2-20 Linux Standard Base 3.2 init scrip
ii  python2.5.2-3An interactive high-level object-o
ii  python-central0.6.8  register and build utility for Pyt

Versions of packages fail2ban recommends:
ii  iptables  1.4.2-6administration tools for packet fi
ii  whois 4.7.30 an intelligent whois client

Versions of packages fail2ban suggests:
ii  bsd-mailx [mailx]  8.1.2-0.20071201cvs-3 A simple mail user agent
ii  mailx  1:20071201-3  Transitional package for mailx ren
pn  python-gamin   (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#484464: glibc detected double free or corruption

2008-06-04 Thread Jim Thomas 
Package: xsane
Version: 0.995-3
Severity: normal


Backend epkowa:libusb from libsane-extras v1.0.19.7 after several scans,
towards the end of a scanning session, possibly at exit, the following
message was emitted by xsane:

  *** glibc detected *** xsane: double free or corruption (!prev): 0x0818ea30 
***
  xsane: browser.c:703: avahi_service_browser_free: Assertion `*_head ==_item' 
failed.


Different backends: 

Backend epson:libusb, after one scan on exit is this messsage:
  xsane: browser.c:703: avahi_service_browser_free: Assertion `*_head ==_item' 
failed.

Backend epson2:libusb, after one scan on exit is this messsage:
  Segmentation fault

Apart from this, scanning is functioning as expected.  I am reporting
this as a found memory allocation bug can be useful.

Please let me know if you would like me to do any extra tests or give
more information.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.24.7 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages xsane depends on:
ii  libatk1.0-01.22.0-1  The ATK accessibility toolkit
ii  libc6  2.7-11GNU C Library: Shared libraries
ii  libcairo2  1.6.4-3   The Cairo 2D vector graphics libra
ii  libgimp2.0 2.4.5-1+b2Libraries for the GNU Image Manipu
ii  libglib2.0-0   2.16.3-2  The GLib library of C routines
ii  libgtk2.0-02.12.9-4  The GTK+ graphical user interface 
ii  libjpeg62  6b-14 The Independent JPEG Group's JPEG 
ii  liblcms1   1.16-10   Color management library
ii  libpango1.0-0  1.20.2-2  Layout and rendering of internatio
ii  libpng12-0 1.2.27-1  PNG library - runtime
ii  libsane1.0.19-10 API library for scanners
ii  libtiff4   3.8.2-8   Tag Image File Format (TIFF) libra
ii  xsane-common   0.995-3   featureful graphical frontend for 
ii  zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime

Versions of packages xsane recommends:
ii  elinks [www-browser] 0.11.3-8advanced text-mode WWW browser
ii  iceape-browser [www- 1.1.9-5 Iceape Navigator (Internet browser
ii  iceweasel [www-brows 2.0.0.14-2  lightweight web browser based on M
ii  konqueror [www-brows 4:3.5.9.dfsg.1-2+b1 KDE's advanced file manager, web b
ii  lynx [www-browser]   2.8.6-2 Text-mode WWW Browser

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#434598: op-panel: Cannot be uninstalled

2007-08-31 Thread Jim Thomas 
I have reproduced the problem consistently.  

Remove asterisk, destar, op-panel.  Edited transcript follows.

# aptitude install destar
The following NEW packages will be automatically installed:
  asterisk asterisk-config asterisk-sounds-main libct3 libiksemel3
  libpri1.0 libradiusclient-ng2 libtonezone1 op-panel python-medusa
  python-pychart python-pysqlite2 python-quixote1
...

# aptitude remove destar
The following packages are unused and will be REMOVED:
  asterisk asterisk-config asterisk-sounds-main libct3 libiksemel3
  libpri1.0 libradiusclient-ng2 libtonezone1 op-panel python-medusa
  python-pychart python-pysqlite2 python-quixote1
The following packages will be REMOVED:
  destar
...
Removing libtonezone1 ...
Removing op-panel ...
No alternatives for op-panel.
dpkg: error processing op-panel (--remove):
 subprocess pre-removal script returned error exit status 1
Starting Flash Operator Panel: op-panelprocess already running.
.
Removing python-medusa ...
...
Errors were encountered while processing:
 op-panel
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install.  Trying to recover:
...

# vi /var/lib/dpkg/info/op-panel.prerm
  [comment out update-alternatives]

# aptitude remove destar
[works fine]

If you need the full transcript please let me know.

Regards, Jim


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#434598: op-panel: Cannot be uninstalled

2007-08-30 Thread Jim Thomas 
The problem is with the 
  update-alternatives --remove-all op-panel
line in /var/lib/dpkg/info/op-panel.prerm

"set -x" added to /var/lib/dpkg/info/op-panel.prerm:

  # aptitude remove op-panel
  [snip]
  The following packages will be REMOVED:
op-panel 
  0 packages upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
  Need to get 0B of archives. After unpacking 1143kB will be freed.
  Writing extended state information... Done
  (Reading database ... 236843 files and directories currently
  installed.)
  Removing op-panel ...
  + case "$1" in
  + update-alternatives --remove-all op-panel
  No alternatives for op-panel.
  dpkg: error processing op-panel (--remove):
   subprocess pre-removal script returned error exit status 1

Commenting out "update-alternatives --remove-all op-panel" allowed
package removal.

Installing and subsequently removing op-panel is now ok.

Possibly that line needs modification.

Regards, Jim


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#434598: op-panel: Cannot be uninstalled

2007-08-09 Thread Jim Thomas 
This is happening here too.  op-panel 0.27.dfsg-1, unstable dist.
I installed asterisk and destar to experiment, then removed them.
op-panel will not uninistall.

# aptitude remove op-panel
Reading package lists... Done
Building dependency tree   
Reading state information... Done
Reading extended state information   
Initializing package states... Done
Building tag database... Done  
The following packages will be REMOVED:
  op-panel 
0 packages upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
Need to get 0B of archives. After unpacking 1143kB will be freed.
Writing extended state information... Done
(Reading database ... 228474 files and directories currently installed.)
Removing op-panel ...
No alternatives for op-panel.
dpkg: error processing op-panel (--remove):
 subprocess pre-removal script returned error exit status 1
Starting Flash Operator Panel: op-panel.
Errors were encountered while processing:
 op-panel
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install.  Trying to recover:
Reading package lists... Done 
Building dependency tree   
Reading state information... Done
Reading extended state information   
Initializing package states... Done
Building tag database... Done  

(aptitude install op-panel)

# dpkg --purge op-panel
(Reading database ... 228474 files and directories currently installed.)
Removing op-panel ...
No alternatives for op-panel.
dpkg: error processing op-panel (--purge):
 subprocess pre-removal script returned error exit status 1
Starting Flash Operator Panel: op-panel.
Errors were encountered while processing:
 op-panel

Regards, Jim


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#329442: segfault with imap host completion

2007-02-07 Thread Jim Thomas 
On Mon, Jan 29, 2007 at 06:38:27PM +0100, Christoph Berg wrote:
> Hi Nico, hi Jim,
> 
> #329442 is marked as still present in unstable. Mutt doesn't crash
> here, but then I don't use IMAP regularly (yet). Could you please try
> this again and tell me if the tab completion now works?

Hi Christoph,

I do not get a segfault with the version that I have installed.
(mutt 1.5.13-1.1)

I don't' use it for imap now, so I am not sure how well it works for tab
completion, but it doesn't crash the way it did then.

Regards, Jim


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#329442: fixed in mutt 1.5.11-1

2005-10-18 Thread Jim Thomas 
Package: mutt
Version: 1.5.11-2

On Sun, Sep 25, 2005 at 02:32:12PM -0700, Adeodato Simó wrote:
> Source: mutt
> Source-Version: 1.5.11-1
> 
> We believe that the bug you reported is fixed in the latest version of
> mutt, which is due to be installed in the Debian FTP archive:
> 
> ...
>
> Thank you for reporting the bug, which will now be closed.  If you
> have further comments please address them to [EMAIL PROTECTED],
> and the maintainer will reopen the bug report if appropriate.
> 
> ...
>
>  + does not segfault with IMAP folder completion. (Closes: #329442)

I am not sure if this is a regression, I get this with mutt 1.5.11-2:

Index mode, changing folder:

  [c]imap://host.name/[tab]Segmentation fault

problem occurs:
- before an imap connection is established or after
- with no network activity generated apart from tearing down the 
  connection on exit if it was up
- every time
- on different machines with the same software versions
- with imap:// and imaps://
- with no .muttrc

Please let me know if you want me to do any work on the core file or
anything else.  If this is a separate bug let me know and I will file
a separate bug report.

Cheers, Jim

- details --
kernel: 2.6.13.1 unpatched

Installed package versions (unstable)
ii  mutt   1.5.11-2   Text-based mailreader supporting MIME, GPG, 

depends
ii  libc6  2.3.5-6GNU C Library: Shared libraries and Timezone
ii  libdb4.3   4.3.28-3   Berkeley v4.3 Database Libraries [runtime]
ii  libgnutls121.2.6-1the GNU TLS library - runtime library
ii  libidn11   0.5.18-1   GNU libidn library, implementation of IETF I
ii  libncursesw5   5.4-9  Shared libraries for terminal handling (wide
ii  libsasl2   2.1.19-1.6 Authentication abstraction library

suggests 
ii  ca-certificate 20050804   Common CA Certificates PEM files
ii  gnupg  1.4.2-2GNU privacy guard - a free PGP replacement
ii  ispell 3.1.20.0-4 International Ispell (an interactive spellin
ii  openssl0.9.8-2Secure Socket Layer (SSL) binary and related

recommends
ii  locales2.3.5-6GNU C Library: National Language (locale) da
ii  mime-support   3.35-1 MIME files 'mime.types' & 'mailcap', and sup