lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1EHuZp-0005Q9-Dv@mercury.mandriva.com>
Date: Tue, 20 Sep 2005 20:43:17 -0600
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:166 - Updated clamv packages fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           clamav
 Advisory ID:            MDKSA-2005:166
 Date:                   September 20th, 2005

 Affected versions:	 10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 A vulnerability was discovered in ClamAV versions prior to 0.87.  A
 buffer overflow could occure when processing malformed UPX-packed
 executables.  As well, it could be sent into an infinite loop when
 processing specially-crafted FSG-packed executables.
 
 ClamAV version 0.87 is provided with this update which isn't vulnerable
 to these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2919
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2920
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 9f85320efe6a337ae46db08b53e0eaba  10.1/RPMS/clamav-0.87-0.1.101mdk.i586.rpm
 083a4c5972e960c2a47e598c4626506b  10.1/RPMS/clamav-db-0.87-0.1.101mdk.i586.rpm
 c3f10bb7176e61dcded0cee084fd2d24  10.1/RPMS/clamav-milter-0.87-0.1.101mdk.i586.rpm
 990c343c993bf7bf44046e773faa9f84  10.1/RPMS/clamd-0.87-0.1.101mdk.i586.rpm
 6c67cc650a9808ac1bd95fc7a1d4017a  10.1/RPMS/libclamav1-0.87-0.1.101mdk.i586.rpm
 213a5145796b74cf65c983a482072455  10.1/RPMS/libclamav1-devel-0.87-0.1.101mdk.i586.rpm
 2d75e236b21dbe8000a7c4b1be93217b  10.1/SRPMS/clamav-0.87-0.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 ef22edfa1aa4502f08000e050de5d36f  x86_64/10.1/RPMS/clamav-0.87-0.1.101mdk.x86_64.rpm
 e33da1b6f6bcd366801a5e80eeb7c723  x86_64/10.1/RPMS/clamav-db-0.87-0.1.101mdk.x86_64.rpm
 04c621676e2832c400c0dda74a498d49  x86_64/10.1/RPMS/clamav-milter-0.87-0.1.101mdk.x86_64.rpm
 da9cc77846812a4b34cb8250157d50b1  x86_64/10.1/RPMS/clamd-0.87-0.1.101mdk.x86_64.rpm
 950f3adbe1fec12c9792f6c947b7cb76  x86_64/10.1/RPMS/lib64clamav1-0.87-0.1.101mdk.x86_64.rpm
 6e53ad5c6d61a9ee3356d919b6589026  x86_64/10.1/RPMS/lib64clamav1-devel-0.87-0.1.101mdk.x86_64.rpm
 2d75e236b21dbe8000a7c4b1be93217b  x86_64/10.1/SRPMS/clamav-0.87-0.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 bc2e4234b78790c9b0c5a5efcb15ba98  10.2/RPMS/clamav-0.87-0.1.102mdk.i586.rpm
 0a99f74d25235e793a6fe05a56d79f7a  10.2/RPMS/clamav-db-0.87-0.1.102mdk.i586.rpm
 b7d275ba651524cc4e3ce5cfacb842e3  10.2/RPMS/clamav-milter-0.87-0.1.102mdk.i586.rpm
 c6862f992a927151d1c4c511cb874e0a  10.2/RPMS/clamd-0.87-0.1.102mdk.i586.rpm
 303aeaa4d2a5de29f3cc5b0cdc539ab3  10.2/RPMS/libclamav1-0.87-0.1.102mdk.i586.rpm
 bcef24beead553b0b7af6a0454365384  10.2/RPMS/libclamav1-devel-0.87-0.1.102mdk.i586.rpm
 96e1ce9dffda8199bf1b583bc2d51e60  10.2/SRPMS/clamav-0.87-0.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 fc09b5328e536f426f6edaac04453ca2  x86_64/10.2/RPMS/clamav-0.87-0.1.102mdk.x86_64.rpm
 f27bc62247ff84975019f8ed3d6ea5b1  x86_64/10.2/RPMS/clamav-db-0.87-0.1.102mdk.x86_64.rpm
 c9fb726280f84da9dd32e30542c29fcd  x86_64/10.2/RPMS/clamav-milter-0.87-0.1.102mdk.x86_64.rpm
 193644891c29c2973931c01a56e68d60  x86_64/10.2/RPMS/clamd-0.87-0.1.102mdk.x86_64.rpm
 9568649a618f654600d78b71027174c9  x86_64/10.2/RPMS/lib64clamav1-0.87-0.1.102mdk.x86_64.rpm
 6b54a7ac2e8d743e067bfdaa7638d90f  x86_64/10.2/RPMS/lib64clamav1-devel-0.87-0.1.102mdk.x86_64.rpm
 96e1ce9dffda8199bf1b583bc2d51e60  x86_64/10.2/SRPMS/clamav-0.87-0.1.102mdk.src.rpm

 Corporate 3.0:
 f86de5b6055236c9cd1ff173bc6c1d98  corporate/3.0/RPMS/clamav-0.87-0.1.C30mdk.i586.rpm
 07071df1c078079e4b7d55f5fa13c7c8  corporate/3.0/RPMS/clamav-db-0.87-0.1.C30mdk.i586.rpm
 c96f4eb3cfd2ffb9060961e39c109204  corporate/3.0/RPMS/clamav-milter-0.87-0.1.C30mdk.i586.rpm
 2445d80ee9c39b337da36554315b9ac1  corporate/3.0/RPMS/clamd-0.87-0.1.C30mdk.i586.rpm
 196a1254be8dce937e17d4b731c5ec19  corporate/3.0/RPMS/libclamav1-0.87-0.1.C30mdk.i586.rpm
 a40bfe3465fcdceec2c8d9bfd52ba2b0  corporate/3.0/RPMS/libclamav1-devel-0.87-0.1.C30mdk.i586.rpm
 3ff54d614c61c446d645f8a5c8458abb  corporate/3.0/SRPMS/clamav-0.87-0.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 9d8b35a818da8a63bbbb6e435b9aeca7  x86_64/corporate/3.0/RPMS/clamav-0.87-0.1.C30mdk.x86_64.rpm
 b5e2a4dcbce2882b73c8a561574a4d24  x86_64/corporate/3.0/RPMS/clamav-db-0.87-0.1.C30mdk.x86_64.rpm
 cd2da84bd6fe14cfc7822acdbbfb51da  x86_64/corporate/3.0/RPMS/clamav-milter-0.87-0.1.C30mdk.x86_64.rpm
 cf5b819b5c911ece25afa929124bbbcf  x86_64/corporate/3.0/RPMS/clamd-0.87-0.1.C30mdk.x86_64.rpm
 7ba558d19e757c2a624e495055e0c218  x86_64/corporate/3.0/RPMS/lib64clamav1-0.87-0.1.C30mdk.x86_64.rpm
 ba046627c72dbe187eca48e5e1ae188c  x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.87-0.1.C30mdk.x86_64.rpm
 3ff54d614c61c446d645f8a5c8458abb  x86_64/corporate/3.0/SRPMS/clamav-0.87-0.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDMMjFmqjQ0CJFipgRAi4mAKDi+IhpoZJipa7FHsDsjLS7AmbR+QCgivM1
H8i2PXchCVYAqWKnsG4ADSY=
=8Yn2
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ