Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Security Announce] [ MDVSA-2008:122 ] - Updated clamav packages fix vulnerability

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1214335308-11275-6641

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2008:122

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : clamav

Date : June 24, 2008

Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0

_______________________________________________________________________

 

Problem Description:

 

A vulnerability was discovered in ClamAV and corrected with the

0.93.1 release:

 

libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers

to cause a denial of service via a crafted Petite file that triggers

an out-of-bounds read. (CVE-2008-2713)

 

Other bugs have also been corrected in 0.93.1 which is being provided

with this update.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2713

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2007.1:

d6e6d5fd080ce50027ef69af38f44a50 2007.1/i586/clamav-0.93.1-1.1mdv2007.1.i586.rpm

91e412d5f2b30b49fddb09104ddf6bad 2007.1/i586/clamav-db-0.93.1-1.1mdv2007.1.i586.rpm

c396b6cced87ba57938da86a79e63469 2007.1/i586/clamav-milter-0.93.1-1.1mdv2007.1.i586.rpm

d79020b041aa6a7956348c799f0e0f8b 2007.1/i586/clamd-0.93.1-1.1mdv2007.1.i586.rpm

b4c74f702d97e569c4ac3350b5216246 2007.1/i586/libclamav4-0.93.1-1.1mdv2007.1.i586.rpm

9481877bd226e02ea263df47535d685f 2007.1/i586/libclamav-devel-0.93.1-1.1mdv2007.1.i586.rpm

bfeb68ce738cc1c44c89e2e84774a7f6 2007.1/SRPMS/clamav-0.93.1-1.1mdv2007.1.src.rpm

 

Mandriva Linux 2007.1/X86_64:

dc70398b743d54094b2c9307686de01d 2007.1/x86_64/clamav-0.93.1-1.1mdv2007.1.x86_64.rpm

5860690f58edb1c7f0a78a46fbb881ed 2007.1/x86_64/clamav-db-0.93.1-1.1mdv2007.1.x86_64.rpm

a23d6ad5a58dab98d12c93e95d1fdfe9 2007.1/x86_64/clamav-milter-0.93.1-1.1mdv2007.1.x86_64.rpm

e3be58ba2ce45b05274471a177ef2c6b 2007.1/x86_64/clamd-0.93.1-1.1mdv2007.1.x86_64.rpm

0f747e4fe79afc573c739cfc4fba3604 2007.1/x86_64/lib64clamav4-0.93.1-1.1mdv2007.1.x86_64.rpm

d7e202d2f083f1a7672380486eddb63f 2007.1/x86_64/lib64clamav-devel-0.93.1-1.1mdv2007.1.x86_64.rpm

bfeb68ce738cc1c44c89e2e84774a7f6 2007.1/SRPMS/clamav-0.93.1-1.1mdv2007.1.src.rpm

 

Mandriva Linux 2008.0:

58ebbfd98e8a588581fe00ecb872fc27 2008.0/i586/clamav-0.93.1-1.1mdv2008.0.i586.rpm

33b0fdde3505f6a3e64790ae8d49c131 2008.0/i586/clamav-db-0.93.1-1.1mdv2008.0.i586.rpm

318c705eadeb8d0ae72fb997b1b652d9 2008.0/i586/clamav-milter-0.93.1-1.1mdv2008.0.i586.rpm

a5bcba636bc5a0abb93a6bb62f9666dc 2008.0/i586/clamd-0.93.1-1.1mdv2008.0.i586.rpm

36fe2a64f4dd63b6787587cee1d2f6d7 2008.0/i586/libclamav4-0.93.1-1.1mdv2008.0.i586.rpm

64e7f239d476d967e744ec98e8bbaaaf 2008.0/i586/libclamav-devel-0.93.1-1.1mdv2008.0.i586.rpm

31794216eeb43c8acde7f66c3c90a407 2008.0/SRPMS/clamav-0.93.1-1.1mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

841b6933ced6c1bcb4d8df1fe09d9e30 2008.0/x86_64/clamav-0.93.1-1.1mdv2008.0.x86_64.rpm

773e720c69159676e8187f132c447a51 2008.0/x86_64/clamav-db-0.93.1-1.1mdv2008.0.x86_64.rpm

1473b1bd46f2d266b9b426cc08c3bd11 2008.0/x86_64/clamav-milter-0.93.1-1.1mdv2008.0.x86_64.rpm

67665907f1716da0c3d4e31728d2a26d 2008.0/x86_64/clamd-0.93.1-1.1mdv2008.0.x86_64.rpm

5706994b50ed7b5703b1b455b91d1ee1 2008.0/x86_64/lib64clamav4-0.93.1-1.1mdv2008.0.x86_64.rpm

cfa7bd1e44c43ecdece379b08baa42d5 2008.0/x86_64/lib64clamav-devel-0.93.1-1.1mdv2008.0.x86_64.rpm

31794216eeb43c8acde7f66c3c90a407 2008.0/SRPMS/clamav-0.93.1-1.1mdv2008.0.src.rpm

 

Mandriva Linux 2008.1:

bfb1edc3b761c6d630fb1e4bc5a21684 2008.1/i586/clamav-0.93.1-1.1mdv2008.1.i586.rpm

0b2bde219f099d8ee612b6ba3578b729 2008.1/i586/clamav-db-0.93.1-1.1mdv2008.1.i586.rpm

c7a28b464db932b55ee6ea2b37ffa801 2008.1/i586/clamav-milter-0.93.1-1.1mdv2008.1.i586.rpm

f5516462a89259bb2720872cbff8a773 2008.1/i586/clamd-0.93.1-1.1mdv2008.1.i586.rpm

4075f7b927cc5a2782170fa189d4061c 2008.1/i586/libclamav4-0.93.1-1.1mdv2008.1.i586.rpm

b2cac58aa4c6fa30f51f253a1d76d73c 2008.1/i586/libclamav-devel-0.93.1-1.1mdv2008.1.i586.rpm

bbcef70312d273a5d64396f547a1b267 2008.1/SRPMS/clamav-0.93.1-1.1mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

25954d96b34972f1eff9f8d5d6131070 2008.1/x86_64/clamav-0.93.1-1.1mdv2008.1.x86_64.rpm

7f80d7579e298971e218a2b7c55fadd1 2008.1/x86_64/clamav-db-0.93.1-1.1mdv2008.1.x86_64.rpm

d7b71a1ac5d4776175f54085843e86ff 2008.1/x86_64/clamav-milter-0.93.1-1.1mdv2008.1.x86_64.rpm

417cc63a86c768f3746c61c6ac2ec756 2008.1/x86_64/clamd-0.93.1-1.1mdv2008.1.x86_64.rpm

897c52373d843fd8d6913b190008755d 2008.1/x86_64/lib64clamav4-0.93.1-1.1mdv2008.1.x86_64.rpm

53498a5bcac565ef5bde747fb777a02f 2008.1/x86_64/lib64clamav-devel-0.93.1-1.1mdv2008.1.x86_64.rpm

bbcef70312d273a5d64396f547a1b267 2008.1/SRPMS/clamav-0.93.1-1.1mdv2008.1.src.rpm

 

Corporate 3.0:

f0dba56ce30fe45c3182fef7aabeb78a corporate/3.0/i586/clamav-0.93.1-0.1.C30mdk.i586.rpm

b2b6b6e8115fb26f1dcbf5d91c964c43 corporate/3.0/i586/clamav-db-0.93.1-0.1.C30mdk.i586.rpm

8d9abd25a8a10f1a997371773643baae corporate/3.0/i586/clamav-milter-0.93.1-0.1.C30mdk.i586.rpm

19180f2835b6fc0d45bc141a71c16f5e corporate/3.0/i586/clamd-0.93.1-0.1.C30mdk.i586.rpm

f5fd464df26d56eef9871e389e303961 corporate/3.0/i586/libclamav4-0.93.1-0.1.C30mdk.i586.rpm

45018ae43f0ae03f792c92ff9a461063 corporate/3.0/i586/libclamav-devel-0.93.1-0.1.C30mdk.i586.rpm

c04af720f4cd7977ce56fd8df74aa760 corporate/3.0/SRPMS/clamav-0.93.1-0.1.C30mdk.src.rpm

 

Corporate 3.0/X86_64:

7c90dbfd62be67c5b80a66851c850115 corporate/3.0/x86_64/clamav-0.93.1-0.1.C30mdk.x86_64.rpm

9de87454215778b01cf19d28c7f12455 corporate/3.0/x86_64/clamav-db-0.93.1-0.1.C30mdk.x86_64.rpm

44fa657f08f4002c57a6e285a707fe9a corporate/3.0/x86_64/clamav-milter-0.93.1-0.1.C30mdk.x86_64.rpm

dc400142582e2a71c457b5ebc0910d7d corporate/3.0/x86_64/clamd-0.93.1-0.1.C30mdk.x86_64.rpm

6b1b886bc76a5d74bbce14b940cfc041 corporate/3.0/x86_64/lib64clamav4-0.93.1-0.1.C30mdk.x86_64.rpm

38209d7e42fee1ed11b546d3051e9469 corporate/3.0/x86_64/lib64clamav-devel-0.93.1-0.1.C30mdk.x86_64.rpm

c04af720f4cd7977ce56fd8df74aa760 corporate/3.0/SRPMS/clamav-0.93.1-0.1.C30mdk.src.rpm

 

Corporate 4.0:

60f05b344ae9cce445e0dca85ab2c81e corporate/4.0/i586/clamav-0.93.1-0.1.20060mlcs4.i586.rpm

bf703aa241b7f4b6bb6d8c7c3ebe3ea1 corporate/4.0/i586/clamav-db-0.93.1-0.1.20060mlcs4.i586.rpm

380accf13269177a90345c43f5747493 corporate/4.0/i586/clamav-milter-0.93.1-0.1.20060mlcs4.i586.rpm

f07c62afc0fae6bef7b70c1a8ff41bff corporate/4.0/i586/clamd-0.93.1-0.1.20060mlcs4.i586.rpm

c320f5224c4c58a7cbc4e089c6ccd23c corporate/4.0/i586/libclamav4-0.93.1-0.1.20060mlcs4.i586.rpm

85bf45fcda26e4604c805dda06525949 corporate/4.0/i586/libclamav-devel-0.93.1-0.1.20060mlcs4.i586.rpm

4aed1ebe1a76e5ab5b82f7a473089f16 corporate/4.0/SRPMS/clamav-0.93.1-0.1.20060mlcs4.src.rpm

 

Corporate 4.0/X86_64:

4ec940e0deecd0ee8e1d40e6e3677f7e corporate/4.0/x86_64/clamav-0.93.1-0.1.20060mlcs4.x86_64.rpm

93b41555ee924c7d121e2c1bf45cd197 corporate/4.0/x86_64/clamav-db-0.93.1-0.1.20060mlcs4.x86_64.rpm

704f979eb6e9685ea75e3b4f68006cd9 corporate/4.0/x86_64/clamav-milter-0.93.1-0.1.20060mlcs4.x86_64.rpm

6d77b053863261b147cfbba7a769cedc corporate/4.0/x86_64/clamd-0.93.1-0.1.20060mlcs4.x86_64.rpm

6920e123961a36b004938ba3356a3875 corporate/4.0/x86_64/lib64clamav4-0.93.1-0.1.20060mlcs4.x86_64.rpm

a63edc2a6f9e36bdfb372baa0c2eab99 corporate/4.0/x86_64/lib64clamav-devel-0.93.1-0.1.20060mlcs4.x86_64.rpm

4aed1ebe1a76e5ab5b82f7a473089f16 corporate/4.0/SRPMS/clamav-0.93.1-0.1.20060mlcs4.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFIYRxRmqjQ0CJFipgRAu/IAJ0dVKtK+0T0C9izy9ZwAoNNqnqm0QCeL0Yz

+ycX4AzT0q2FQrJAj70RJbU=

=/9gL

-----END PGP SIGNATURE-----

 

 

------------=_1214335308-11275-6641

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1214335308-11275-6641--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×