Bug#578003: dependency on libclamav5 disables AV scanning
Package: dansguardian
Version: 2.9.9.4-1+lenny1+b1
Severity: important

When using clamav as the AV content filter, dansguardian fails to start.

Dansguardian depends on libclamav5, which is v0.94 on lenny. Security support for this has been discontinued.
http://lists.debian.org/debian-security-announce/2009/msg00228.html

Programs depending on clamav v0.94 have stopped working since 15 April.
http://lists.clamav.net/lurker/message/20091006.143601.d27bbd20.en.html

dansguardian needs to depend on libclamav6 which is v0.95 and available in volatile. This has been fixed in a later version, bug 524688, but is not in lenny.

See also http://lists.debian.org/debian-release/2010/04/msg00110.html

Starting dansguardian now with clamav as the AV content filter:

# /etc/init.d/dansguardian restart
Restarting DansGuardian: Restarting DansGuardian: :LibClamAV Warning: ***
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***
LibClamAV Error: cli_hex2str(): Malformed hexstring: This ClamAV version has reached End of Life! Please upgrade to version 0.95 or later. For more information see www.clamav.net/eol-clamav-094 and www.clamav.net/download (length: 169)
LibClamAV Error: Problem parsing database at line 742
LibClamAV Error: Can't load daily.ndb: Malformed database
LibClamAV Error: cli_tgzload: Can't load daily.ndb
LibClamAV Error: Can't load /var/lib/clamav//daily.cld: Malformed database
Error loading clamav db: Malformed database
Content scanner plugin init returned error value: -1
Error loading CS plugins
Error parsing the dansguardian.conf file or other DansGuardian configuration files failed!

Disabling the av content filter allows dansguardian to start.

Regards,
Jim

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ISO-8859-1) (ignored: LC_ALL set to en_AU)
Shell: /bin/sh linked to /bin/bash

Versions of packages dansguardian depends on:
ii  adduser     3.110                    add and remove users and groups
ii  clamav      0.95.3+dfsg-1~volatile1  anti-virus utility for Unix - comm
ii  libbz2-1.0  1.0.5-1                  high-quality block-sorting file co
ii  libc6       2.7-18lenny2             GNU C Library: Shared libraries
ii  libclamav5  0.94.dfsg.2-1lenny2      anti-virus utility for Unix - libr
ii  libgcc1     1:4.3.2-1.1              GCC support library
ii  libgmp3c2   2:4.2.2+dfsg-3           Multiprecision arithmetic library
ii  libpcre3    7.6-2.1                  Perl 5 Compatible Regular Expressi
ii  libstdc++6  4.3.2-1.1                The GNU Standard C++ Library v3
ii  perl        5.10.0-19lenny2          Larry Wall's Practical Extraction
ii  zlib1g      1:1.2.3.3.dfsg-12        compression library - runtime

dansguardian recommends no packages.

Versions of packages dansguardian suggests:
ii  clamav-freshclam  0.95.3+dfsg-1~volatile1     anti-virus utility for Unix - viru
ii  squid             2.7.STABLE3-4.1lenny1       Internet object cache (WWW proxy c

-- no debconf information
Bug#574182: apache-overflows.conf filter does not catch an exploit attempt
Package: fail2ban Version: 0.8.3-2sid1 Severity: normal I have been getting entries like these in /var/log/apache2/error.log: [Tue Mar 16 15:39:29 2010] [error] [client 58.179.109.179] Invalid URI in request \xf9h\xa9\xf3\x88\x8cXKj \xbf-l*4\x87n\xe4\xfe\xd4\x1d\x06\x8c\xf8m\\rS\xf6n\xeb\x8 [Mon Mar 15 15:44:47 2010] [error] [client 121.222.2.133] Invalid URI in request n\xed*\xbe*\xab\xefd\x80\xb5\xae\xf6\x01\x10M?\xf2\xce\x13\x9c\xd7\xa0N\xa7\xdb%0\xde\xe0\xfc\xd2\xa0\xfe\xe9w\xee\xc4`v\x9b[{\x0c:\xcb\x93\xc6\xa0\x93\x9c`l\\\x8d\xc9 They would be caught if filter.d/apache-overflows.conf was altered, e.g.: --- apache-overflows.conf 2010-03-17 09:01:48.0 +1100 +++ apache-overflows.conf.new 2010-03-17 09:02:36.0 +1100 
@@ -11,7 +11,7 @@ # Notes.: Regexp to catch Apache overflow attempts. # Values: TEXT # -failregex = [[]client []] (Invalid method in request|request failed: URI too long|erroneous characters after protocol string) +failregex = [[]client []] (Invalid (method|URI) in request|request failed: URI too long|erroneous characters after protocol string) # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. I'm not sure if this would lead to false positives, but this attack is active. Entries that do not have shellcode in them: [Mon Jan 11 03:52:47 2010] [error] [client 219.80.23.234] Invalid URI in request GET HTTP/1.1 HTTP/1.1 [Mon Feb 15 00:21:11 2010] [error] [client 113.240.255.158] Invalid URI in request GET HTTP/1.1 Regards, Jim -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (990, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=C (charmap=ISO-8859-1) (ignored: LC_ALL set to en_AU) Shell: /bin/sh linked to /bin/bash Versions of packages fail2ban depends on: ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip ii python2.5.2-3An interactive high-level object-o ii python-central0.6.8 register and build utility for Pyt Versions of packages fail2ban recommends: ii iptables 1.4.2-6administration tools for packet fi ii whois 4.7.30 an intelligent whois client Versions of packages fail2ban suggests: ii bsd-mailx [mailx] 8.1.2-0.20071201cvs-3 A simple mail user agent ii mailx 1:20071201-3 Transitional package for mailx ren pn python-gamin (no description available) -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
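Review bot: the `URI` alternative added in the `+failregex` line matches every "Invalid URI in request" error, not only the ones carrying binary payloads, so the plain `GET HTTP/1.1` entries quoted after the patch would count toward a ban as well. If that is not wanted, cover those with an `ignoreregex`, or rely on the jail's `maxretry` to absorb an occasional malformed request. Separately, both the `-` and `+` lines as shown read `[[]client []]` with nothing between `client ` and `[]]`; a failregex needs the `<HOST>` tag at that position for fail2ban to extract the address, so check that it is present in the file the patch is applied to.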
Bug#484464: glibc detected double free or corruption
Package: xsane
Version: 0.995-3
Severity: normal

Backend epkowa:libusb from libsane-extras v1.0.19.7: after several scans, towards the end of a scanning session, possibly at exit, the following message was emitted by xsane:

*** glibc detected *** xsane: double free or corruption (!prev): 0x0818ea30 ***
xsane: browser.c:703: avahi_service_browser_free: Assertion `*_head ==_item' failed.

Different backends:

Backend epson:libusb, after one scan on exit is this message:
xsane: browser.c:703: avahi_service_browser_free: Assertion `*_head ==_item' failed.

Backend epson2:libusb, after one scan on exit is this message:
Segmentation fault

Apart from this, scanning is functioning as expected. I am reporting this as a found memory allocation bug can be useful.

Please let me know if you would like me to do any extra tests or give more information.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.24.7 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages xsane depends on:
ii  libatk1.0-0    1.22.0-1           The ATK accessibility toolkit
ii  libc6          2.7-11             GNU C Library: Shared libraries
ii  libcairo2      1.6.4-3            The Cairo 2D vector graphics libra
ii  libgimp2.0     2.4.5-1+b2         Libraries for the GNU Image Manipu
ii  libglib2.0-0   2.16.3-2           The GLib library of C routines
ii  libgtk2.0-0    2.12.9-4           The GTK+ graphical user interface
ii  libjpeg62      6b-14              The Independent JPEG Group's JPEG
ii  liblcms1       1.16-10            Color management library
ii  libpango1.0-0  1.20.2-2           Layout and rendering of internatio
ii  libpng12-0     1.2.27-1           PNG library - runtime
ii  libsane        1.0.19-10          API library for scanners
ii  libtiff4       3.8.2-8            Tag Image File Format (TIFF) libra
ii  xsane-common   0.995-3            featureful graphical frontend for
ii  zlib1g         1:1.2.3.3.dfsg-12  compression library - runtime

Versions of packages xsane recommends:
ii  elinks [www-browser]  0.11.3-8             advanced text-mode WWW browser
ii  iceape-browser [www-  1.1.9-5              Iceape Navigator (Internet browser
ii  iceweasel [www-brows  2.0.0.14-2           lightweight web browser based on M
ii  konqueror [www-brows  4:3.5.9.dfsg.1-2+b1  KDE's advanced file manager, web b
ii  lynx [www-browser]    2.8.6-2              Text-mode WWW Browser

-- no debconf information
Bug#434598: op-panel: Cannot be uninstalled
I have reproduced the problem consistently.

Remove asterisk, destar, op-panel. Edited transcript follows.

# aptitude install destar
The following NEW packages will be automatically installed:
  asterisk asterisk-config asterisk-sounds-main libct3 libiksemel3 libpri1.0 libradiusclient-ng2 libtonezone1 op-panel python-medusa python-pychart python-pysqlite2 python-quixote1
...
# aptitude remove destar
The following packages are unused and will be REMOVED:
  asterisk asterisk-config asterisk-sounds-main libct3 libiksemel3 libpri1.0 libradiusclient-ng2 libtonezone1 op-panel python-medusa python-pychart python-pysqlite2 python-quixote1
The following packages will be REMOVED:
  destar
...
Removing libtonezone1 ...
Removing op-panel ...
No alternatives for op-panel.
dpkg: error processing op-panel (--remove):
 subprocess pre-removal script returned error exit status 1
Starting Flash Operator Panel: op-panelprocess already running.
.
Removing python-medusa ...
...
Errors were encountered while processing:
 op-panel
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install. Trying to recover:
...
# vi /var/lib/dpkg/info/op-panel.prerm
[comment out update-alternatives]
# aptitude remove destar
[works fine]

If you need the full transcript please let me know.

Regards,
Jim
Bug#434598: op-panel: Cannot be uninstalled
The problem is with the

update-alternatives --remove-all op-panel

line in /var/lib/dpkg/info/op-panel.prerm

"set -x" added to /var/lib/dpkg/info/op-panel.prerm:

# aptitude remove op-panel
[snip]
The following packages will be REMOVED:
  op-panel
0 packages upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
Need to get 0B of archives. After unpacking 1143kB will be freed.
Writing extended state information... Done
(Reading database ... 236843 files and directories currently installed.)
Removing op-panel ...
+ case "$1" in
+ update-alternatives --remove-all op-panel
No alternatives for op-panel.
dpkg: error processing op-panel (--remove):
 subprocess pre-removal script returned error exit status 1

Commenting out "update-alternatives --remove-all op-panel" allowed package removal. Installing and subsequently removing op-panel is now ok.

Possibly that line needs modification.

Regards,
Jim
Bug#434598: op-panel: Cannot be uninstalled
This is happening here too.

op-panel 0.27.dfsg-1, unstable dist.

I installed asterisk and destar to experiment, then removed them. op-panel will not uninstall.

# aptitude remove op-panel
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Building tag database... Done
The following packages will be REMOVED:
  op-panel
0 packages upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
Need to get 0B of archives. After unpacking 1143kB will be freed.
Writing extended state information... Done
(Reading database ... 228474 files and directories currently installed.)
Removing op-panel ...
No alternatives for op-panel.
dpkg: error processing op-panel (--remove):
 subprocess pre-removal script returned error exit status 1
Starting Flash Operator Panel: op-panel.
Errors were encountered while processing:
 op-panel
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install. Trying to recover:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Building tag database... Done

(aptitude install op-panel)

# dpkg --purge op-panel
(Reading database ... 228474 files and directories currently installed.)
Removing op-panel ...
No alternatives for op-panel.
dpkg: error processing op-panel (--purge):
 subprocess pre-removal script returned error exit status 1
Starting Flash Operator Panel: op-panel.
Errors were encountered while processing:
 op-panel

Regards,
Jim
Bug#329442: segfault with imap host completion
On Mon, Jan 29, 2007 at 06:38:27PM +0100, Christoph Berg wrote:
> Hi Nico, hi Jim,
>
> #329442 is marked as still present in unstable. Mutt doesn't crash
> here, but then I don't use IMAP regularly (yet). Could you please try
> this again and tell me if the tab completion now works?

Hi Christoph,

I do not get a segfault with the version that I have installed. (mutt 1.5.13-1.1)

I don't use it for imap now, so I am not sure how well it works for tab completion, but it doesn't crash the way it did then.

Regards,
Jim
Bug#329442: fixed in mutt 1.5.11-1
Package: mutt
Version: 1.5.11-2

On Sun, Sep 25, 2005 at 02:32:12PM -0700, Adeodato Simó wrote:
> Source: mutt
> Source-Version: 1.5.11-1
>
> We believe that the bug you reported is fixed in the latest version of
> mutt, which is due to be installed in the Debian FTP archive:
>
> ...
>
> Thank you for reporting the bug, which will now be closed. If you
> have further comments please address them to [EMAIL PROTECTED],
> and the maintainer will reopen the bug report if appropriate.
>
> ...
>
> + does not segfault with IMAP folder completion. (Closes: #329442)

I am not sure if this is a regression, I get this with mutt 1.5.11-2:

Index mode, changing folder:
[c]imap://host.name/[tab]Segmentation fault

problem occurs:
- before an imap connection is established or after
- with no network activity generated apart from tearing down the connection on exit if it was up
- every time
- on different machines with the same software versions
- with imap:// and imaps://
- with no .muttrc

Please let me know if you want me to do any work on the core file or anything else. If this is a separate bug let me know and I will file a separate bug report.

Cheers,
Jim

- details --
kernel: 2.6.13.1 unpatched

Installed package versions (unstable)
ii  mutt            1.5.11-2    Text-based mailreader supporting MIME, GPG,

depends
ii  libc6           2.3.5-6     GNU C Library: Shared libraries and Timezone
ii  libdb4.3        4.3.28-3    Berkeley v4.3 Database Libraries [runtime]
ii  libgnutls12     1.2.6-1     the GNU TLS library - runtime library
ii  libidn11        0.5.18-1    GNU libidn library, implementation of IETF I
ii  libncursesw5    5.4-9       Shared libraries for terminal handling (wide
ii  libsasl2        2.1.19-1.6  Authentication abstraction library

suggests
ii  ca-certificate  20050804    Common CA Certificates PEM files
ii  gnupg           1.4.2-2     GNU privacy guard - a free PGP replacement
ii  ispell          3.1.20.0-4  International Ispell (an interactive spellin
ii  openssl         0.9.8-2     Secure Socket Layer (SSL) binary and related

recommends
ii  locales         2.3.5-6     GNU C Library: National Language (locale) da
ii  mime-support    3.35-1      MIME files 'mime.types' & 'mailcap', and sup