Message-id: <E1IRHud-00051Q-Jl@artemis.annvix.ca>
Date: Fri, 31 Aug 2007 19:36:35 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2007:172 ] - Updated clamav packages vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:172
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : clamav
 Date    : August 31, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in ClamAV was discovered that could allow remote
 attackers to cause a denial of service via a crafted RTF file or a
 crafted HTML document with a data: URI, both of which trigger a NULL
 dereference (CVE-2007-4510).
 
 A vulnerability in clamav-milter, when run in black hole mode,
 could allow remote attackers to execute arbitrary commands via shell
 metacharacters that are used in a certain popen call (CVE-2007-4560).
 
 Other bugs have also been corrected in 0.91.2 which is being provided
 with this update.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4510
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4560
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG2JaAmqjQ0CJFipgRAnI0AJ9fgAIDhVfdbipB/oUayk0fVNyMJQCgq/Do
qkx9vOAIP/sETiOBojGnhkQ=
=6TkG
-----END PGP SIGNATURE-----
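
The CVE-2007-4560 description above names the bug class: untrusted text reaching a `popen` call, where the shell interprets its metacharacters. The following is an added example, not code from ClamAV or from the advisory, showing the usual hardening for that class: an allowlist check plus launching the helper with an argument vector instead of a shell command line. The function names, the allowlist, and the use of `/bin/echo` as a stand-in helper are assumptions; the advisory does not show the affected call.

```c
#include <ctype.h>
#include <spawn.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

extern char **environ;

/* Risky pattern, shown for contrast only and never executed here:
 *   snprintf(cmd, sizeof cmd, "notify %s", value); popen(cmd, "w");
 * popen() passes cmd to /bin/sh, so ; | $ and backquotes in value become shell syntax. */

/* Allowlist check: returns 1 only for a short, plain address-like token. */
int value_is_plain(const char *value)
{
    size_t n = strlen(value);
    if (n == 0 || n > 254 || value[0] == '-')   /* leading '-' would parse as an option */
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)value[i];
        if (!isalnum(c) && !strchr("@._+-", c))
            return 0;
    }
    return 1;
}

/* Runs prog with value as one argv element, so no shell ever parses it.
 * Returns the child's exit status, or -1 if rejected or the spawn failed. */
int run_without_shell(const char *prog, const char *value)
{
    char *argv[] = { (char *)prog, (char *)value, NULL };
    pid_t pid;
    int status;
    if (!value_is_plain(value))
        return -1;
    if (posix_spawn(&pid, prog, NULL, NULL, argv, environ) != 0)
        return -1;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample inputs; /bin/echo stands in for the helper program. */
    printf("%d %d\n", run_without_shell("/bin/echo", "user@example.org"),
           run_without_shell("/bin/echo", "user@example.org;echo INJECTED"));
}
```

Either measure alone closes the shell-parsing path; using both keeps the helper safe if the allowlist is later loosened.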
