lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1IDqLW-0007HJ-3l@artemis.annvix.ca>
Date: Wed, 25 Jul 2007 17:32:46 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2007:150 ] - Updated clamav packages fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:150
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : clamav
 Date    : July 25, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in the RAR VM in ClamAV allowed user-assisted remote
 attackers to cause a crash via a crafted RAR archive which resulted
 in a NULL pointer dereference.
 
 Other bugs have also been corrected in 0.91.1 which is being provided
 with this update.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3725
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 a1d7123d64b17de98db72e05959657e0  2007.0/i586/clamav-0.91.1-1.1mdv2007.0.i586.rpm
 4e814bbff65dc4129f398f72b6d62640  2007.0/i586/clamav-db-0.91.1-1.1mdv2007.0.i586.rpm
 c6267bcae66562a2458cf9ad5d6de8f4  2007.0/i586/clamav-milter-0.91.1-1.1mdv2007.0.i586.rpm
 1f263279bf4cd5460786fe0759c0ec96  2007.0/i586/clamd-0.91.1-1.1mdv2007.0.i586.rpm
 0b14d3e33ba65c556cbea0dd4b55a51c  2007.0/i586/clamdmon-0.91.1-1.1mdv2007.0.i586.rpm
 2bd3ff262e1f1b5d261e2aa986d23ad5  2007.0/i586/libclamav2-0.91.1-1.1mdv2007.0.i586.rpm
 b9b0dac5eccf1000b8301187bcad99b2  2007.0/i586/libclamav2-devel-0.91.1-1.1mdv2007.0.i586.rpm 
 d1b697088a726c293ee54cc25b660308  2007.0/SRPMS/clamav-0.91.1-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 c0b6dc4ec4ab20dba0129966d42cd75e  2007.0/x86_64/clamav-0.91.1-1.1mdv2007.0.x86_64.rpm
 8c28b0917575a5b0f2306f6c30d35df8  2007.0/x86_64/clamav-db-0.91.1-1.1mdv2007.0.x86_64.rpm
 fbf470d9921d86b6cfbf0b75a8723f71  2007.0/x86_64/clamav-milter-0.91.1-1.1mdv2007.0.x86_64.rpm
 9dbff52f73edb4b10efa681b2c3b6b38  2007.0/x86_64/clamd-0.91.1-1.1mdv2007.0.x86_64.rpm
 60f9f0b6e869e4931ea6a5e1521d079b  2007.0/x86_64/clamdmon-0.91.1-1.1mdv2007.0.x86_64.rpm
 4de72c8d9cd714e0b1b7d9d1aadcb131  2007.0/x86_64/lib64clamav2-0.91.1-1.1mdv2007.0.x86_64.rpm
 63dc325ae89be61dca20128ae021a812  2007.0/x86_64/lib64clamav2-devel-0.91.1-1.1mdv2007.0.x86_64.rpm 
 d1b697088a726c293ee54cc25b660308  2007.0/SRPMS/clamav-0.91.1-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 5044c759d6cad93402ddd5350262f5fb  2007.1/i586/clamav-0.91.1-1.1mdv2007.1.i586.rpm
 9fdbb064de5d4752bf29b68edf86c9b7  2007.1/i586/clamav-db-0.91.1-1.1mdv2007.1.i586.rpm
 0bb59e9542365b9bd1faf3cdb041e1d1  2007.1/i586/clamav-milter-0.91.1-1.1mdv2007.1.i586.rpm
 2f95a4750b57cd52a8f8fe30ff62ad85  2007.1/i586/clamd-0.91.1-1.1mdv2007.1.i586.rpm
 33548bc49879899559d5700f7ec0add2  2007.1/i586/clamdmon-0.91.1-1.1mdv2007.1.i586.rpm
 4dc6d180ee9e306fa5eb3a1dfe81aa9e  2007.1/i586/libclamav2-0.91.1-1.1mdv2007.1.i586.rpm
 f2e5333e7c60c9cbc7b70f3994a867c3  2007.1/i586/libclamav2-devel-0.91.1-1.1mdv2007.1.i586.rpm 
 fdb6ea9465c87b3206051df922e509d0  2007.1/SRPMS/clamav-0.91.1-1.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 15b628de57bf9b067dfe17e4050eae06  2007.1/x86_64/clamav-0.91.1-1.1mdv2007.1.x86_64.rpm
 f53ae231e7591079b7a9f88c948527d5  2007.1/x86_64/clamav-db-0.91.1-1.1mdv2007.1.x86_64.rpm
 be2c036992c7ebd82ffdc45e4679c83c  2007.1/x86_64/clamav-milter-0.91.1-1.1mdv2007.1.x86_64.rpm
 cabcdcf73a9e49ead2db583e1a55af71  2007.1/x86_64/clamd-0.91.1-1.1mdv2007.1.x86_64.rpm
 8f8e068f16c979be31d688069c76b797  2007.1/x86_64/clamdmon-0.91.1-1.1mdv2007.1.x86_64.rpm
 c37ebfab59ca964727252852af351988  2007.1/x86_64/lib64clamav2-0.91.1-1.1mdv2007.1.x86_64.rpm
 744eaf423e847ad4ed1204cfde0bac22  2007.1/x86_64/lib64clamav2-devel-0.91.1-1.1mdv2007.1.x86_64.rpm 
 fdb6ea9465c87b3206051df922e509d0  2007.1/SRPMS/clamav-0.91.1-1.1mdv2007.1.src.rpm

 Corporate 3.0:
 3d676fd4f9e9ded80498b13ee9703447  corporate/3.0/i586/clamav-0.91.1-0.1.C30mdk.i586.rpm
 b9b12ef53061ccf1f695c2fffe6a04bb  corporate/3.0/i586/clamav-db-0.91.1-0.1.C30mdk.i586.rpm
 24da7dc91cbe989c78c7bdf6dba9e900  corporate/3.0/i586/clamav-milter-0.91.1-0.1.C30mdk.i586.rpm
 bc9fdfa2c9a6c356f7f14f186d2e57d9  corporate/3.0/i586/clamd-0.91.1-0.1.C30mdk.i586.rpm
 3e930ebd2759f14da53b0f2f4d8cf7da  corporate/3.0/i586/clamdmon-0.91.1-0.1.C30mdk.i586.rpm
 5897ace4abdc86cff7c7f9b073c4a046  corporate/3.0/i586/libclamav2-0.91.1-0.1.C30mdk.i586.rpm
 56909a444cdc2b2c60f4c07d8d829034  corporate/3.0/i586/libclamav2-devel-0.91.1-0.1.C30mdk.i586.rpm 
 b1c34cc12fb36c73c469dcfbf4bcaa4e  corporate/3.0/SRPMS/clamav-0.91.1-0.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 1d9868884be1e6222e4161458bb66c26  corporate/3.0/x86_64/clamav-0.91.1-0.1.C30mdk.x86_64.rpm
 7cfa0abb1592069c41b7a9e413c9c087  corporate/3.0/x86_64/clamav-db-0.91.1-0.1.C30mdk.x86_64.rpm
 eebc3cadf53dd91a4ce07e24f52dc769  corporate/3.0/x86_64/clamav-milter-0.91.1-0.1.C30mdk.x86_64.rpm
 51c2d25c6a9daaf22e4de6664f59214b  corporate/3.0/x86_64/clamd-0.91.1-0.1.C30mdk.x86_64.rpm
 7204fe1ba0c6bf928e5acf49be41162f  corporate/3.0/x86_64/clamdmon-0.91.1-0.1.C30mdk.x86_64.rpm
 0a35b0352337135ef77792872c1b2f3c  corporate/3.0/x86_64/lib64clamav2-0.91.1-0.1.C30mdk.x86_64.rpm
 ac762dda202af6e7c334aeb4281478c8  corporate/3.0/x86_64/lib64clamav2-devel-0.91.1-0.1.C30mdk.x86_64.rpm 
 b1c34cc12fb36c73c469dcfbf4bcaa4e  corporate/3.0/SRPMS/clamav-0.91.1-0.1.C30mdk.src.rpm

 Corporate 4.0:
 07b49366a22bd05a2a2bb04301e4f7ea  corporate/4.0/i586/clamav-0.91.1-0.1.20060mlcs4.i586.rpm
 ef63aaea4109ca3a3f1fd2faafef6cc7  corporate/4.0/i586/clamav-db-0.91.1-0.1.20060mlcs4.i586.rpm
 b05e11e5f7ede181d6160976f52c8fb0  corporate/4.0/i586/clamav-milter-0.91.1-0.1.20060mlcs4.i586.rpm
 153c8daee5528351b1dc9488d462f39d  corporate/4.0/i586/clamd-0.91.1-0.1.20060mlcs4.i586.rpm
 51b0ece4e3aea78fc412595687817edf  corporate/4.0/i586/clamdmon-0.91.1-0.1.20060mlcs4.i586.rpm
 8fbd33f837d05be535798d580105d4d8  corporate/4.0/i586/libclamav2-0.91.1-0.1.20060mlcs4.i586.rpm
 ad7330c0fdfc2a372d462991701c3462  corporate/4.0/i586/libclamav2-devel-0.91.1-0.1.20060mlcs4.i586.rpm 
 3e04440a073f6c606289c90280cf3c7c  corporate/4.0/SRPMS/clamav-0.91.1-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 c4bbd2429700fbe41ae69d9926b40569  corporate/4.0/x86_64/clamav-0.91.1-0.1.20060mlcs4.x86_64.rpm
 4bba7834c9a14cf2098f3993389d78af  corporate/4.0/x86_64/clamav-db-0.91.1-0.1.20060mlcs4.x86_64.rpm
 b185a885f6c1038fcc6332a0d4edd5bb  corporate/4.0/x86_64/clamav-milter-0.91.1-0.1.20060mlcs4.x86_64.rpm
 a3a66b6dcd5834b765339d4e821608dd  corporate/4.0/x86_64/clamd-0.91.1-0.1.20060mlcs4.x86_64.rpm
 9f2edd76e48cd6c77e8fd847beb8710d  corporate/4.0/x86_64/clamdmon-0.91.1-0.1.20060mlcs4.x86_64.rpm
 b446eebd29ba07eaea893bb68c9932ba  corporate/4.0/x86_64/lib64clamav2-0.91.1-0.1.20060mlcs4.x86_64.rpm
 f4735af15e3e15bc26bc188743c3856e  corporate/4.0/x86_64/lib64clamav2-devel-0.91.1-0.1.20060mlcs4.x86_64.rpm 
 3e04440a073f6c606289c90280cf3c7c  corporate/4.0/SRPMS/clamav-0.91.1-0.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGp7IGmqjQ0CJFipgRAhriAKC+4jhYAgFtzMrinpv0xgx9iGYYFgCdFSQW
TQG7/bzoIJGeWikzMQr+KsA=
=kAPB
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ