lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1DxwJG-0003wZ-Tg@mercury.mandriva.com>
Date: Wed, 27 Jul 2005 18:31:38 -0600
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:125 - Updated clamav packages fix more vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           clamav
 Advisory ID:            MDKSA-2005:125
 Date:                   July 27th, 2005

 Affected versions:	 10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 Neel Mehta and Alex Wheeler discovered integer overflow vulnerabilites
 in Clam AntiVirus when handling the TNEF, CHM, and FSG file formats.
 By sending a specially-crafted file, an attacker could execute
 arbitrary code with the permissions of the user running Clam AV.
 
 This update provides clamav 0.86.2 which is not vulnerable to these
 issues.
 _______________________________________________________________________

 References:

  http://sourceforge.net/project/shownotes.php?release_id=344514
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 3aff45c0ae423b192f01753464b6cfbc  10.1/RPMS/clamav-0.86.2-0.1.101mdk.i586.rpm
 0d299b50297ac175acdb7531f84f55ab  10.1/RPMS/clamav-db-0.86.2-0.1.101mdk.i586.rpm
 dffea206daadeab2d90a8b68ca4f7fea  10.1/RPMS/clamav-milter-0.86.2-0.1.101mdk.i586.rpm
 f3f09c0d2d575b3156cf323ffbbb94db  10.1/RPMS/clamd-0.86.2-0.1.101mdk.i586.rpm
 d1b9984b610cce82fcab6d9c4c5a97ca  10.1/RPMS/libclamav1-0.86.2-0.1.101mdk.i586.rpm
 46b3844d26743b67e9496052933d705f  10.1/RPMS/libclamav1-devel-0.86.2-0.1.101mdk.i586.rpm
 c42e349d54742b783c3003557e3c30cb  10.1/SRPMS/clamav-0.86.2-0.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 a423b14654e6942ab17739990dcfae6e  x86_64/10.1/RPMS/clamav-0.86.2-0.1.101mdk.x86_64.rpm
 aa1b3a15c662321fe2991e1aeeaae68a  x86_64/10.1/RPMS/clamav-db-0.86.2-0.1.101mdk.x86_64.rpm
 01b1199b3ba12d6feaa5ff1d921fe0e7  x86_64/10.1/RPMS/clamav-milter-0.86.2-0.1.101mdk.x86_64.rpm
 60a72c063eab410c282e8ee9d0a362fe  x86_64/10.1/RPMS/clamd-0.86.2-0.1.101mdk.x86_64.rpm
 02acc55a71e3af52323b8aa340f5521f  x86_64/10.1/RPMS/lib64clamav1-0.86.2-0.1.101mdk.x86_64.rpm
 9f24abc7804efab4b00799745983e3f1  x86_64/10.1/RPMS/lib64clamav1-devel-0.86.2-0.1.101mdk.x86_64.rpm
 c42e349d54742b783c3003557e3c30cb  x86_64/10.1/SRPMS/clamav-0.86.2-0.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 5547710e07946868106e106ef69db7be  10.2/RPMS/clamav-0.86.2-0.1.102mdk.i586.rpm
 5ef48f506ceeae734d446482cc301474  10.2/RPMS/clamav-db-0.86.2-0.1.102mdk.i586.rpm
 4f64fcc53200e73828959577eafe7035  10.2/RPMS/clamav-milter-0.86.2-0.1.102mdk.i586.rpm
 6a7a2f0e4d02ea303617351af05a5770  10.2/RPMS/clamd-0.86.2-0.1.102mdk.i586.rpm
 956ecafdf4be2be4da8e9f2f0ea7d9c3  10.2/RPMS/libclamav1-0.86.2-0.1.102mdk.i586.rpm
 b51aec4894ad6d5a950188bc5ec7a8c3  10.2/RPMS/libclamav1-devel-0.86.2-0.1.102mdk.i586.rpm
 be8dccab0884da69dd52c62abbab35fd  10.2/SRPMS/clamav-0.86.2-0.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 7b22b558e2e0e48cb3f8e137c74982b8  x86_64/10.2/RPMS/clamav-0.86.2-0.1.102mdk.x86_64.rpm
 3e0f6b63b114ffeb10b5f2ac2e5be66f  x86_64/10.2/RPMS/clamav-db-0.86.2-0.1.102mdk.x86_64.rpm
 4a68fe06f2c665135d979a2d385079ab  x86_64/10.2/RPMS/clamav-milter-0.86.2-0.1.102mdk.x86_64.rpm
 1b580f573bf00a934c7a7702815776e8  x86_64/10.2/RPMS/clamd-0.86.2-0.1.102mdk.x86_64.rpm
 6a30cc951870872319cd85ae597859f1  x86_64/10.2/RPMS/lib64clamav1-0.86.2-0.1.102mdk.x86_64.rpm
 7ecb12fa41abe3154ab70bdeb19e07c2  x86_64/10.2/RPMS/lib64clamav1-devel-0.86.2-0.1.102mdk.x86_64.rpm
 be8dccab0884da69dd52c62abbab35fd  x86_64/10.2/SRPMS/clamav-0.86.2-0.1.102mdk.src.rpm

 Corporate 3.0:
 6f0a3bb18f7d61a16417a98fa69cdacb  corporate/3.0/RPMS/clamav-0.86.2-0.1.C30mdk.i586.rpm
 69588b59e762b1d03ac5a3cf9dbfa8b0  corporate/3.0/RPMS/clamav-db-0.86.2-0.1.C30mdk.i586.rpm
 1eafaa2b6137d98c8cf194f2f58bc3d0  corporate/3.0/RPMS/clamav-milter-0.86.2-0.1.C30mdk.i586.rpm
 3a267af54b0eeabd001c3451986ed15c  corporate/3.0/RPMS/clamd-0.86.2-0.1.C30mdk.i586.rpm
 1f76c41366fc33e3af89dd78accb1274  corporate/3.0/RPMS/libclamav1-0.86.2-0.1.C30mdk.i586.rpm
 4bde87b4bcbf9d10930ad0e2eaba4098  corporate/3.0/RPMS/libclamav1-devel-0.86.2-0.1.C30mdk.i586.rpm
 55acc738815c806b4432771588499a8e  corporate/3.0/SRPMS/clamav-0.86.2-0.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 a22408fe6beb9b8bda8ff23afe644192  x86_64/corporate/3.0/RPMS/clamav-0.86.2-0.1.C30mdk.x86_64.rpm
 8b4166f392d03770be85d515ed3ba380  x86_64/corporate/3.0/RPMS/clamav-db-0.86.2-0.1.C30mdk.x86_64.rpm
 2521821041564175cea3baf9f7b87694  x86_64/corporate/3.0/RPMS/clamav-milter-0.86.2-0.1.C30mdk.x86_64.rpm
 fd479aa012e2fd92b18cdf57adaba9e6  x86_64/corporate/3.0/RPMS/clamd-0.86.2-0.1.C30mdk.x86_64.rpm
 4bdf0fa5cb4e8cb179038fd35340ca14  x86_64/corporate/3.0/RPMS/lib64clamav1-0.86.2-0.1.C30mdk.x86_64.rpm
 d7141c38c4c01ce2fd9c7a7f361bca72  x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.86.2-0.1.C30mdk.x86_64.rpm
 55acc738815c806b4432771588499a8e  x86_64/corporate/3.0/SRPMS/clamav-0.86.2-0.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC6CdqmqjQ0CJFipgRAtdvAKDjWIZoDFM7vgBBirtrKzZ5gtav+QCgrhDY
0XoqT2+UgWbVLQ3tVwSKS8U=
=9Qeu
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ