news 28 Posted December 6, 2008

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2008:239
http://www.mandriva.com/security/
_______________________________________________________________________

Package : clamav
Date    : December 5, 2008
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Ilja van Sprundel found that ClamAV contained a denial of service
vulnerability in how it handled processing JPEG files, due to it not
limiting the recursion depth when processing JPEG thumbnails
(CVE-2008-5314).

Other bugs have also been corrected in 0.94.2 which is being provided
with this update.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5314
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
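
The missing recursion-depth limit named in the Problem Description above, as an added C example (not ClamAV's or Mandriva's code): a segment walker that descends into embedded thumbnails but stops at a caller-supplied depth. It assumes thumbnails are carried in JFXX APP0 segments with extension code 0x10; `scan_jpeg`, the return codes and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { SCAN_OK = 0, SCAN_MALFORMED = -1, SCAN_TOO_DEEP = -2 };

/* Constructed sample (not from the advisory): a JPEG whose thumbnail
 * itself carries a thumbnail, i.e. two levels of nesting. */
static const unsigned char sample[] = {
    0xFF,0xD8, 0xFF,0xE0,0x00,0x1A, 'J','F','X','X',0, 0x10, /* outer image      */
    0xFF,0xD8, 0xFF,0xE0,0x00,0x0C, 'J','F','X','X',0, 0x10, /* its thumbnail    */
    0xFF,0xD8, 0xFF,0xD9,                                    /* nested thumbnail */
    0xFF,0xD9, 0xFF,0xD9 };                                  /* closing EOIs     */

/* Walk the segments of the JPEG in buf[0..len) and descend into JFXX
 * thumbnails, refusing to nest deeper than max_depth. */
static int scan_jpeg(const unsigned char *buf, size_t len, int depth, int max_depth)
{
    size_t pos = 2;
    if (depth > max_depth)
        return SCAN_TOO_DEEP;          /* the kind of bound CVE-2008-5314 was missing */
    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8)
        return SCAN_MALFORMED;         /* no SOI marker */
    while (pos + 4 <= len) {
        unsigned char marker = buf[pos + 1];
        size_t seg_len = ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
        if (buf[pos] != 0xFF)
            return SCAN_MALFORMED;
        if (marker == 0xD9 || marker == 0xDA)
            return SCAN_OK;            /* EOI or start of scan data: stop walking */
        if (seg_len < 2 || seg_len > len - pos - 2)
            return SCAN_MALFORMED;     /* length field runs past the buffer */
        /* APP0 "JFXX\0" with extension code 0x10 holds a JPEG-coded thumbnail */
        if (marker == 0xE0 && seg_len >= 8 &&
            memcmp(buf + pos + 4, "JFXX", 5) == 0 && buf[pos + 9] == 0x10) {
            int rc = scan_jpeg(buf + pos + 10, seg_len - 8, depth + 1, max_depth);
            if (rc != SCAN_OK)
                return rc;             /* propagate the refusal to the caller */
        }
        pos += 2 + seg_len;
    }
    return SCAN_OK;
}

int main(void) {
    printf("limit 4: %d, limit 1: %d\n", scan_jpeg(sample, sizeof sample, 0, 4),
           scan_jpeg(sample, sizeof sample, 0, 1));
    return 0;
}
```

Every recursive call also receives a strictly smaller slice of the buffer, but the explicit depth check is what keeps stack use bounded regardless of input size.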