lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1DsAO0-00054i-83@mercury.mandriva.com>
Date: Mon, 11 Jul 2005 20:20:40 -0600
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:113 - Updated clamav packages fix vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           clamav
 Advisory ID:            MDKSA-2005:113
 Date:                   July 11th, 2005

 Affected versions:	 10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 Andrew Toller and Stefan Kanthak discovered that a flaw in libmspack's
 Quantum archive decompressor renders Clam AntiVirus vulnerable to a
 Denial of Service attack.
 
 The updated packages have been patched to correct the problem.
 _______________________________________________________________________

 References:

  http://sourceforge.net/project/shownotes.php?release_id=337279
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 d1a61855ca50e53018e5c65ef380d8dd  10.1/RPMS/clamav-0.81-0.3.101mdk.i586.rpm
 4a73d4428b1c8288192e1880882114f1  10.1/RPMS/clamav-db-0.81-0.3.101mdk.i586.rpm
 ead89b02938223716b68ce51047fd193  10.1/RPMS/clamav-milter-0.81-0.3.101mdk.i586.rpm
 69ab5c876524188f382cb7649949ebcf  10.1/RPMS/clamd-0.81-0.3.101mdk.i586.rpm
 f682ad9ceaab4b22deacce071f685dd7  10.1/RPMS/libclamav1-0.81-0.3.101mdk.i586.rpm
 f74afc4b092506d942bc1c33e978143a  10.1/RPMS/libclamav1-devel-0.81-0.3.101mdk.i586.rpm
 5427d070911966721a7a74e43d5115d1  10.1/SRPMS/clamav-0.81-0.3.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 cef11c2c75f3d931e2fef9018895e410  x86_64/10.1/RPMS/clamav-0.81-0.3.101mdk.x86_64.rpm
 097aa32fc592727a5355872a91f2e53e  x86_64/10.1/RPMS/clamav-db-0.81-0.3.101mdk.x86_64.rpm
 e205ca0a534f2ca20afee6c311c927f2  x86_64/10.1/RPMS/clamav-milter-0.81-0.3.101mdk.x86_64.rpm
 dd5e7b49cc8b442b3ce9285b3b065217  x86_64/10.1/RPMS/clamd-0.81-0.3.101mdk.x86_64.rpm
 1c5d18841912089a2c0788103c81fd47  x86_64/10.1/RPMS/lib64clamav1-0.81-0.3.101mdk.x86_64.rpm
 b4ed80c808515aa78c5b64a90badc208  x86_64/10.1/RPMS/lib64clamav1-devel-0.81-0.3.101mdk.x86_64.rpm
 5427d070911966721a7a74e43d5115d1  x86_64/10.1/SRPMS/clamav-0.81-0.3.101mdk.src.rpm

 Mandrakelinux 10.2:
 40ebaed7490c8c4609d175898a4524a5  10.2/RPMS/clamav-0.83-6.1.102mdk.i586.rpm
 ecba8225d04b3d56b367cd12d1b18041  10.2/RPMS/clamav-db-0.83-6.1.102mdk.i586.rpm
 4c3f83da2c21d5b438fa87c2fc9c2510  10.2/RPMS/clamav-milter-0.83-6.1.102mdk.i586.rpm
 9af96c3025518c85b71382ade35b34c2  10.2/RPMS/clamd-0.83-6.1.102mdk.i586.rpm
 617a8776560de95a5feebdb18beb2f74  10.2/RPMS/libclamav1-0.83-6.1.102mdk.i586.rpm
 bb629f7ef414de49be3bf2fff4fdd949  10.2/RPMS/libclamav1-devel-0.83-6.1.102mdk.i586.rpm
 c1aa9d888990112d8db675a67d65d612  10.2/SRPMS/clamav-0.83-6.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 73b4b991f4b44ff648f4f9730608988c  x86_64/10.2/RPMS/clamav-0.83-6.1.102mdk.x86_64.rpm
 78da41faaaf4a67ecebb2155d20681b8  x86_64/10.2/RPMS/clamav-db-0.83-6.1.102mdk.x86_64.rpm
 104687d7dcd6258e5737e90c6814a0c0  x86_64/10.2/RPMS/clamav-milter-0.83-6.1.102mdk.x86_64.rpm
 afc85c501b6a9aed7f967ed35f2e4540  x86_64/10.2/RPMS/clamd-0.83-6.1.102mdk.x86_64.rpm
 9f831708f8a44ccba75bd0cafc926e0d  x86_64/10.2/RPMS/lib64clamav1-0.83-6.1.102mdk.x86_64.rpm
 f76da72a62e0d94451c5bcfdd4a5ff56  x86_64/10.2/RPMS/lib64clamav1-devel-0.83-6.1.102mdk.x86_64.rpm
 c1aa9d888990112d8db675a67d65d612  x86_64/10.2/SRPMS/clamav-0.83-6.1.102mdk.src.rpm

 Corporate 3.0:
 154457f3913dc4bfcd349e8d7f3d9ed1  corporate/3.0/RPMS/clamav-0.81-0.3.C30mdk.i586.rpm
 aa6d83e73d03464aee591658721017db  corporate/3.0/RPMS/clamav-db-0.81-0.3.C30mdk.i586.rpm
 79ffb7195506c5b0914e10dda8eac35a  corporate/3.0/RPMS/clamav-milter-0.81-0.3.C30mdk.i586.rpm
 1232f43b5272369f1c11ed6c4c173091  corporate/3.0/RPMS/clamd-0.81-0.3.C30mdk.i586.rpm
 05d298da13d32180fcc1c20344b5b8d1  corporate/3.0/RPMS/libclamav1-0.81-0.3.C30mdk.i586.rpm
 f7035cc164562e19743d7be91d6d1a43  corporate/3.0/RPMS/libclamav1-devel-0.81-0.3.C30mdk.i586.rpm
 86bc352ab413fa6232a997d57adf1d1d  corporate/3.0/SRPMS/clamav-0.81-0.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 934b40e521ea1419a9ff4d886feddbf7  x86_64/corporate/3.0/RPMS/clamav-0.81-0.3.C30mdk.x86_64.rpm
 3e133b0bbe1135ef2e3e8092b1a2b499  x86_64/corporate/3.0/RPMS/clamav-db-0.81-0.3.C30mdk.x86_64.rpm
 c8a51fa7450234d845e5b278b13e1eb7  x86_64/corporate/3.0/RPMS/clamav-milter-0.81-0.3.C30mdk.x86_64.rpm
 dc4500f7c4b0bf29d8cb9ca41688965c  x86_64/corporate/3.0/RPMS/clamd-0.81-0.3.C30mdk.x86_64.rpm
 d1e99a1f9accbfc1702c0c3dc1a8dd4c  x86_64/corporate/3.0/RPMS/lib64clamav1-0.81-0.3.C30mdk.x86_64.rpm
 050a0ee0bf1511f62e59b2f42893c580  x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.81-0.3.C30mdk.x86_64.rpm
 86bc352ab413fa6232a997d57adf1d1d  x86_64/corporate/3.0/SRPMS/clamav-0.81-0.3.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC0yj4mqjQ0CJFipgRAsQJAJ48ZmIrft5xWvKAPpTW9s4nQosTdACgxCvo
WE7YDPVHivWiOHBM/N9SI4Q=
=zQDg
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ