lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1JCVCj-0001s8-4z@artemis.annvix.ca>
Date: Wed, 09 Jan 2008 00:18:25 -0700
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2008:003 ] - Updated clamav packages fix multiple
 vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:003
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : clamav
 Date    : January 8, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 An integer overflow vulnerability was reported by iDefense with clamav
 when parsing Portable Executable (PE) files packed in he MEW format.
 This could be exploited to cause a heap-based buffer overflow
 (CVE-2007-6335).
 
 Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP
 compressed CAB files (CVE-2007-6336).
 
 As well, an unspecified vulnerability related to the bzip2
 decompression algorithm was also discovered (CVE-2007-6337).
 
 Other bugs have also been corrected in 0.92 which is being provided
 with this update.  Because this new version has increased the major
 of the libclamav library, updated dependent packages are also being
 provided.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6335
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6336
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6337
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 fc1ed2d6d7e2fa61e004fd494422e22f  2007.0/i586/clamav-0.92-1.2mdv2007.0.i586.rpm
 0a7dfdfcdc80018d86f8bae73765eb92  2007.0/i586/clamav-db-0.92-1.2mdv2007.0.i586.rpm
 ab2486ddadf2802c9e78430abb4e58fb  2007.0/i586/clamav-milter-0.92-1.2mdv2007.0.i586.rpm
 d2194bbac627a8acafd970db80e20412  2007.0/i586/clamd-0.92-1.2mdv2007.0.i586.rpm
 399a07092d1d78854d632dbe9817d6a5  2007.0/i586/clamdmon-0.92-1.2mdv2007.0.i586.rpm
 47decdf9abd2202411c491e894c79929  2007.0/i586/klamav-0.41-1.2mdv2007.0.i586.rpm
 1d943cf9dee68ffa180a71d858a70380  2007.0/i586/libclamav-devel-0.92-1.2mdv2007.0.i586.rpm
 d989f8d8b42469a13a6d5fc2688bc9b2  2007.0/i586/libclamav3-0.92-1.2mdv2007.0.i586.rpm 
 62bfa2e660093513501a33789363d460  2007.0/SRPMS/clamav-0.92-1.2mdv2007.0.src.rpm
 55e28787b08fb04beff3116e7f8d6493  2007.0/SRPMS/klamav-0.41-1.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 95f5232dc3753516030e8535729ab255  2007.0/x86_64/clamav-0.92-1.2mdv2007.0.x86_64.rpm
 e7cebecea23dd203d52d179bf4d134cf  2007.0/x86_64/clamav-db-0.92-1.2mdv2007.0.x86_64.rpm
 ef628aa8fe5942d46aa744732506deed  2007.0/x86_64/clamav-milter-0.92-1.2mdv2007.0.x86_64.rpm
 183e54911edb0cc44973a8fd536637b0  2007.0/x86_64/clamd-0.92-1.2mdv2007.0.x86_64.rpm
 b4518d6bb8613c99a790fe7f38b137c8  2007.0/x86_64/clamdmon-0.92-1.2mdv2007.0.x86_64.rpm
 42f54d20f5532e816129b31cf60413a9  2007.0/x86_64/klamav-0.41-1.2mdv2007.0.x86_64.rpm
 a50b759ceb63183e37f5763b4d1bd717  2007.0/x86_64/lib64clamav-devel-0.92-1.2mdv2007.0.x86_64.rpm
 dafdf9a64ead071f9f04bdf2d4a58e6e  2007.0/x86_64/lib64clamav3-0.92-1.2mdv2007.0.x86_64.rpm 
 62bfa2e660093513501a33789363d460  2007.0/SRPMS/clamav-0.92-1.2mdv2007.0.src.rpm
 55e28787b08fb04beff3116e7f8d6493  2007.0/SRPMS/klamav-0.41-1.2mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 98d49b30e7a6b938af5aaef9a472a25c  2007.1/i586/clamav-0.92-1.2mdv2007.1.i586.rpm
 9bfdaad1a14b3565be36864193ce9840  2007.1/i586/clamav-db-0.92-1.2mdv2007.1.i586.rpm
 4ad6c52459606908986826259d17fa4e  2007.1/i586/clamav-milter-0.92-1.2mdv2007.1.i586.rpm
 bfe81d6d31909889f4a1f9822c6f3c87  2007.1/i586/clamd-0.92-1.2mdv2007.1.i586.rpm
 77591c75d6176061fa120ad5b5329846  2007.1/i586/clamdmon-0.92-1.2mdv2007.1.i586.rpm
 66939dc58639cc283cd4809719379100  2007.1/i586/klamav-0.41-2.1mdv2007.1.i586.rpm
 cf7e4f222f7b1992174c52fc9fa5e5e2  2007.1/i586/libclamav-devel-0.92-1.2mdv2007.1.i586.rpm
 405f62a1609dc6c8ea527bf2479030c1  2007.1/i586/libclamav3-0.92-1.2mdv2007.1.i586.rpm 
 b07c73a90d19f1a9d4c34cb586a51d0b  2007.1/SRPMS/clamav-0.92-1.2mdv2007.1.src.rpm
 45f42d28eb80611716a514aeed60b147  2007.1/SRPMS/klamav-0.41-2.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 0ce7b6c2cc03b1a06812eaa8666a69d7  2007.1/x86_64/clamav-0.92-1.2mdv2007.1.x86_64.rpm
 1d5785bb027b8f554d736b6b480755c2  2007.1/x86_64/clamav-db-0.92-1.2mdv2007.1.x86_64.rpm
 721eeabf6bc31ac026af9a8971a010ee  2007.1/x86_64/clamav-milter-0.92-1.2mdv2007.1.x86_64.rpm
 9d275b05f19ab0fbf8a294345aaf2d46  2007.1/x86_64/clamd-0.92-1.2mdv2007.1.x86_64.rpm
 a20c0c41cdd1fb2a68e157eb7b9c6c37  2007.1/x86_64/clamdmon-0.92-1.2mdv2007.1.x86_64.rpm
 18d5c2a141e17b054b87d98534c18820  2007.1/x86_64/klamav-0.41-2.1mdv2007.1.x86_64.rpm
 bfc5e7ef4a1445d2f529dbd57aec9440  2007.1/x86_64/lib64clamav-devel-0.92-1.2mdv2007.1.x86_64.rpm
 1284fd4541adfb80164a40a17bd367c4  2007.1/x86_64/lib64clamav3-0.92-1.2mdv2007.1.x86_64.rpm 
 b07c73a90d19f1a9d4c34cb586a51d0b  2007.1/SRPMS/clamav-0.92-1.2mdv2007.1.src.rpm
 45f42d28eb80611716a514aeed60b147  2007.1/SRPMS/klamav-0.41-2.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 6845c3727edd9c4cd40ab453433b23de  2008.0/i586/clamav-0.92-1.2mdv2008.0.i586.rpm
 be3ee6e6a5507432295ab884b28dd963  2008.0/i586/clamav-db-0.92-1.2mdv2008.0.i586.rpm
 b75df65dda486cbff50a07dfc5f67053  2008.0/i586/clamav-milter-0.92-1.2mdv2008.0.i586.rpm
 d6c5d54b74df8ad54c8c0166a5dfca5a  2008.0/i586/clamd-0.92-1.2mdv2008.0.i586.rpm
 99690d8f46e628ced3d7511c3961d8c8  2008.0/i586/clamdmon-0.92-1.2mdv2008.0.i586.rpm
 a761c21b0b0132567e45e005f4b46d59  2008.0/i586/klamav-0.41.1-2.1mdv2008.0.i586.rpm
 1eca36b7674292f957de5c7809ef7c8f  2008.0/i586/libclamav-devel-0.92-1.2mdv2008.0.i586.rpm
 3b593a73a49128450d7dd0b55d379c87  2008.0/i586/libclamav3-0.92-1.2mdv2008.0.i586.rpm 
 51dc9ab3b42c323547d03de5db226a84  2008.0/SRPMS/clamav-0.92-1.2mdv2008.0.src.rpm
 4257ab503f00c056db9e2d2ec5be92d7  2008.0/SRPMS/klamav-0.41.1-2.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 cde28a6c10e4e649fdc2e76a3c058190  2008.0/x86_64/clamav-0.92-1.2mdv2008.0.x86_64.rpm
 cddc66f6bf586632b3b6372a55dd01d9  2008.0/x86_64/clamav-db-0.92-1.2mdv2008.0.x86_64.rpm
 0f55d2cd2560725241a599eaf4473b16  2008.0/x86_64/clamav-milter-0.92-1.2mdv2008.0.x86_64.rpm
 91c0c8d9a951437a31dce3de060e948e  2008.0/x86_64/clamd-0.92-1.2mdv2008.0.x86_64.rpm
 835e414799fd885acb37697e7a94a0ac  2008.0/x86_64/clamdmon-0.92-1.2mdv2008.0.x86_64.rpm
 c4bb62543906bd0685ef3dedbd1d1eed  2008.0/x86_64/klamav-0.41.1-2.1mdv2008.0.x86_64.rpm
 013062a449726abcdb0e6ac69c0932d1  2008.0/x86_64/lib64clamav-devel-0.92-1.2mdv2008.0.x86_64.rpm
 f6b532ea61bf4213123804b00b7e0d40  2008.0/x86_64/lib64clamav3-0.92-1.2mdv2008.0.x86_64.rpm 
 51dc9ab3b42c323547d03de5db226a84  2008.0/SRPMS/clamav-0.92-1.2mdv2008.0.src.rpm
 4257ab503f00c056db9e2d2ec5be92d7  2008.0/SRPMS/klamav-0.41.1-2.1mdv2008.0.src.rpm

 Corporate 3.0:
 3f2a48e871c6c4a3b0a57d0eaa622a37  corporate/3.0/i586/clamav-0.92-0.2.C30mdk.i586.rpm
 ce3f09c9cbbd81bd2f5b035bf29a5b46  corporate/3.0/i586/clamav-db-0.92-0.2.C30mdk.i586.rpm
 e60f7417cdeddb012eb8b1f5713d63a3  corporate/3.0/i586/clamav-milter-0.92-0.2.C30mdk.i586.rpm
 74f1aee20b5031b0ac067d188f7168fb  corporate/3.0/i586/clamd-0.92-0.2.C30mdk.i586.rpm
 3bb0b303bef626dc9543310c6fb25696  corporate/3.0/i586/clamdmon-0.92-0.2.C30mdk.i586.rpm
 9f6845a740d65133e4ddfc4b3f97c11a  corporate/3.0/i586/libclamav-devel-0.92-0.2.C30mdk.i586.rpm
 5364bdfc013ade1199cd9e95f1587b20  corporate/3.0/i586/libclamav3-0.92-0.2.C30mdk.i586.rpm 
 3706e74c9205d888150c74a5310741e0  corporate/3.0/SRPMS/clamav-0.92-0.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 c07a6b3b930907d623ac66abb1b3a599  corporate/3.0/x86_64/clamav-0.92-0.2.C30mdk.x86_64.rpm
 dc5a98c4378b9fd58e9c4dcc149d9708  corporate/3.0/x86_64/clamav-db-0.92-0.2.C30mdk.x86_64.rpm
 93bc3c83d173c8fa6b5f8fba96df8847  corporate/3.0/x86_64/clamav-milter-0.92-0.2.C30mdk.x86_64.rpm
 3038d4e399a7ee4dd07739e91a10a675  corporate/3.0/x86_64/clamd-0.92-0.2.C30mdk.x86_64.rpm
 ed758355a6d8b53bf3a5a5d84124c789  corporate/3.0/x86_64/clamdmon-0.92-0.2.C30mdk.x86_64.rpm
 9546306ca59838c1b35fac61a12297b3  corporate/3.0/x86_64/lib64clamav-devel-0.92-0.2.C30mdk.x86_64.rpm
 5817803ca6185e173127889ae7640589  corporate/3.0/x86_64/lib64clamav3-0.92-0.2.C30mdk.x86_64.rpm 
 3706e74c9205d888150c74a5310741e0  corporate/3.0/SRPMS/clamav-0.92-0.2.C30mdk.src.rpm

 Corporate 4.0:
 09bc97f6d0c3a507537dd5df5d5a2e9e  corporate/4.0/i586/c-icap-client-210205-5.2.20060mlcs4.i586.rpm
 c162b402dd359cef918fca6a4ee55dc4  corporate/4.0/i586/c-icap-modules-210205-5.2.20060mlcs4.i586.rpm
 4ef1e16aa796f03a35e4fde3b2e73c29  corporate/4.0/i586/c-icap-server-210205-5.2.20060mlcs4.i586.rpm
 b300a7fc384f7425c10b5498c703f2c9  corporate/4.0/i586/clamav-0.92-0.2.20060mlcs4.i586.rpm
 2445d34f9632fa547ae0a1884152e7f2  corporate/4.0/i586/clamav-db-0.92-0.2.20060mlcs4.i586.rpm
 4fbf33fa8581f1e9149064bf98286d76  corporate/4.0/i586/clamav-milter-0.92-0.2.20060mlcs4.i586.rpm
 d7975bcedccf63ad68fa1003c39ea38f  corporate/4.0/i586/clamd-0.92-0.2.20060mlcs4.i586.rpm
 1a36e1a5f049193ebc4183116b0efba1  corporate/4.0/i586/clamdmon-0.92-0.2.20060mlcs4.i586.rpm
 d65e1dc78894367ec8778cdd4b3dcaab  corporate/4.0/i586/libc-icap0-210205-5.2.20060mlcs4.i586.rpm
 557e71c20126d3e8e2b3761d618e81b2  corporate/4.0/i586/libc-icap0-devel-210205-5.2.20060mlcs4.i586.rpm
 7547cb16781ef5864049bdbe3be066ca  corporate/4.0/i586/libclamav-devel-0.92-0.2.20060mlcs4.i586.rpm
 8670164705db11dab33cf01aecee05b5  corporate/4.0/i586/libclamav3-0.92-0.2.20060mlcs4.i586.rpm
 4bdc08d830df3e0b8ddc2eada232a83d  corporate/4.0/i586/php-clamav-0.12a-8.2.20060mlcs4.i586.rpm 
 ab588a94a6ae104f6a379dd164fdbb9b  corporate/4.0/SRPMS/c-icap-210205-5.2.20060mlcs4.src.rpm
 f62afc45435fb35b7a24b5a1a9827099  corporate/4.0/SRPMS/clamav-0.92-0.2.20060mlcs4.src.rpm
 1fdbb8cab6b50d1648dcc162f1e9aad8  corporate/4.0/SRPMS/php-clamav-0.12a-8.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 f84c1bd0a6e0794991262915dd73682c  corporate/4.0/x86_64/c-icap-client-210205-5.2.20060mlcs4.x86_64.rpm
 1a4cea375f8278d8fa74e578e05b99f8  corporate/4.0/x86_64/c-icap-modules-210205-5.2.20060mlcs4.x86_64.rpm
 c86cf3a99cb02b60686cfafebdabc427  corporate/4.0/x86_64/c-icap-server-210205-5.2.20060mlcs4.x86_64.rpm
 ac36226fb9c603e53c6b8ae0cc834106  corporate/4.0/x86_64/clamav-0.92-0.2.20060mlcs4.x86_64.rpm
 8b6b8043edb52c9510e634a6f5549ffc  corporate/4.0/x86_64/clamav-db-0.92-0.2.20060mlcs4.x86_64.rpm
 80313735603168fa6d4d1cee550b4461  corporate/4.0/x86_64/clamav-milter-0.92-0.2.20060mlcs4.x86_64.rpm
 5edc55a2746cdbfbc9dab0c138cd7904  corporate/4.0/x86_64/clamd-0.92-0.2.20060mlcs4.x86_64.rpm
 bf4df46b323a4184726b02b8551fbb74  corporate/4.0/x86_64/clamdmon-0.92-0.2.20060mlcs4.x86_64.rpm
 3bd7ab884f9e1dce5d127ded6b81cddc  corporate/4.0/x86_64/lib64c-icap0-210205-5.2.20060mlcs4.x86_64.rpm
 6f688ee2b22016964b46dc81c8a075a0  corporate/4.0/x86_64/lib64c-icap0-devel-210205-5.2.20060mlcs4.x86_64.rpm
 a8f718d57e5533e8df7c47cd26f5b2a4  corporate/4.0/x86_64/lib64clamav-devel-0.92-0.2.20060mlcs4.x86_64.rpm
 a7e2bca01fdf9ec52bb277b85260a6f4  corporate/4.0/x86_64/lib64clamav3-0.92-0.2.20060mlcs4.x86_64.rpm
 a0eff3d2addb10828672f26d1ef9aebf  corporate/4.0/x86_64/php-clamav-0.12a-8.2.20060mlcs4.x86_64.rpm 
 ab588a94a6ae104f6a379dd164fdbb9b  corporate/4.0/SRPMS/c-icap-210205-5.2.20060mlcs4.src.rpm
 f62afc45435fb35b7a24b5a1a9827099  corporate/4.0/SRPMS/clamav-0.92-0.2.20060mlcs4.src.rpm
 1fdbb8cab6b50d1648dcc162f1e9aad8  corporate/4.0/SRPMS/php-clamav-0.12a-8.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHhEmcmqjQ0CJFipgRAvVeAJ45qzu/QLzIfZj6gtC30oXmGzl8/wCePF5A
vIfEl5eWay4ZlBdo5q23Y4M=
=9O4q
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ