lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1KdHs1-0007XP-CZ@titan.mandriva.com>
Date: Tue, 09 Sep 2008 23:04:01 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2008:189 ] clamav


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:189
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : clamav
 Date    : September 9, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were discovered in ClamAV and corrected with
 the 0.94 release, including:
 
 A vulnerability in ClamAV's chm-parser allowed remote attackers to
 cause a denial of service (application crash) via a malformed CHM file
 (CVE-2008-1389).
 
 A vulnerability in libclamav would allow attackers to cause a
 denial of service via vectors related to an out-of-memory condition
 (CVE-2008-3912).
 
 Multiple memory leaks were found in ClamAV that could possibly allow
 attackers to cause a denial of service via excessive memory consumption
 (CVE-2008-3913).
 
 A number of unspecified vulnerabilities in ClamAV were reported that
 have an unknown impact and attack vectors related to file descriptor
 leaks (CVE-2008-3914).
 
 Other bugs have also been corrected in 0.94 which is being provided
 with this update.  Because this new version has increased the major
 of the libclamav library, updated dependent packages are also being
 provided.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1389
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3912
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3913
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3914
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2007.1:
 5a59d6fe5e4fc3dfeffa930bf1bfbade  2007.1/i586/clamav-0.94-1.1mdv2007.1.i586.rpm
 6699ae8d7a278a4546bd16b8edd92b80  2007.1/i586/clamav-db-0.94-1.1mdv2007.1.i586.rpm
 369affe714278781d07748aa9aa3282d  2007.1/i586/clamav-milter-0.94-1.1mdv2007.1.i586.rpm
 a34884b3416c7039bfe0307329a75469  2007.1/i586/clamd-0.94-1.1mdv2007.1.i586.rpm
 326099a42cc04963de5a4e6c32d9295e  2007.1/i586/klamav-0.44-1.1mdv2007.1.i586.rpm
 3dac3a08b8077d6367ca22bf9b8b5731  2007.1/i586/libclamav5-0.94-1.1mdv2007.1.i586.rpm
 329b46ef055ea610b9baa0a364cce0b0  2007.1/i586/libclamav-devel-0.94-1.1mdv2007.1.i586.rpm 
 685aea74c200241fdf8ef9fc6f4e4e7b  2007.1/SRPMS/clamav-0.94-1.1mdv2007.1.src.rpm
 25b939eb3abfe70374edf4f314f7d2bc  2007.1/SRPMS/klamav-0.44-1.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 19b119eeae8187c820a56681ec003bd2  2007.1/x86_64/clamav-0.94-1.1mdv2007.1.x86_64.rpm
 44f1c6f2729a154a4d5b92b9b0185b37  2007.1/x86_64/clamav-db-0.94-1.1mdv2007.1.x86_64.rpm
 c4a07f4bd14120db422b196f32c491fe  2007.1/x86_64/clamav-milter-0.94-1.1mdv2007.1.x86_64.rpm
 4ac4af22079d824c87f83224bb0a5e0a  2007.1/x86_64/clamd-0.94-1.1mdv2007.1.x86_64.rpm
 577fa90a30d5b2f47fbd730bf6abcd1f  2007.1/x86_64/klamav-0.44-1.1mdv2007.1.x86_64.rpm
 7bcfa45a9c5b60eb9a1a6eac3a9e475c  2007.1/x86_64/lib64clamav5-0.94-1.1mdv2007.1.x86_64.rpm
 f2aaa85f2e0504a380dec20f644efecc  2007.1/x86_64/lib64clamav-devel-0.94-1.1mdv2007.1.x86_64.rpm 
 685aea74c200241fdf8ef9fc6f4e4e7b  2007.1/SRPMS/clamav-0.94-1.1mdv2007.1.src.rpm
 25b939eb3abfe70374edf4f314f7d2bc  2007.1/SRPMS/klamav-0.44-1.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 07c42704f9eb9c8030f801f229304b3e  2008.0/i586/clamav-0.94-1.1mdv2008.0.i586.rpm
 5103d15263284af283399e0eeb71296a  2008.0/i586/clamav-db-0.94-1.1mdv2008.0.i586.rpm
 2cf2f1d21d5428c8a26a80d6a70e8a34  2008.0/i586/clamav-milter-0.94-1.1mdv2008.0.i586.rpm
 fc53823cb1b73eb75c008a3ebc21193a  2008.0/i586/clamd-0.94-1.1mdv2008.0.i586.rpm
 67b1edd4b40dbc10e3594e79a9016f0e  2008.0/i586/klamav-0.44-1.1mdv2008.0.i586.rpm
 779bd44fb23ab3d7c38a0ebef3382938  2008.0/i586/libclamav5-0.94-1.1mdv2008.0.i586.rpm
 2ec3fb577dc1da56af0481f197e2000d  2008.0/i586/libclamav-devel-0.94-1.1mdv2008.0.i586.rpm 
 fff2dc6701ea1a7e458e0c7305d7c4b4  2008.0/SRPMS/clamav-0.94-1.1mdv2008.0.src.rpm
 790d1fafeb9d594a4ef8b0815f3262b2  2008.0/SRPMS/klamav-0.44-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 19a38a3e0dd4b8110978001c9e00983c  2008.0/x86_64/clamav-0.94-1.1mdv2008.0.x86_64.rpm
 7d656ec44f2bb5ff2b0fec6bafa7df70  2008.0/x86_64/clamav-db-0.94-1.1mdv2008.0.x86_64.rpm
 836b5f5b80d43e8deccc568c4ab13d29  2008.0/x86_64/clamav-milter-0.94-1.1mdv2008.0.x86_64.rpm
 3fcf6e4b59d7b7478f54293fcd2ee645  2008.0/x86_64/clamd-0.94-1.1mdv2008.0.x86_64.rpm
 2ce435e797aff93eaa669bddd07c80f5  2008.0/x86_64/klamav-0.44-1.1mdv2008.0.x86_64.rpm
 24e564b09aa2da8b990341faaaed48e7  2008.0/x86_64/lib64clamav5-0.94-1.1mdv2008.0.x86_64.rpm
 f3aad5e06843c9b3e2d02ad200061e0e  2008.0/x86_64/lib64clamav-devel-0.94-1.1mdv2008.0.x86_64.rpm 
 fff2dc6701ea1a7e458e0c7305d7c4b4  2008.0/SRPMS/clamav-0.94-1.1mdv2008.0.src.rpm
 790d1fafeb9d594a4ef8b0815f3262b2  2008.0/SRPMS/klamav-0.44-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 d14bdc1a6449db5cc1503bd4d333e8a2  2008.1/i586/clamav-0.94-1.1mdv2008.1.i586.rpm
 f95700d3c9261ad949057511d3b39387  2008.1/i586/clamav-db-0.94-1.1mdv2008.1.i586.rpm
 8cab4ed20a974f34a94072792c453abf  2008.1/i586/clamav-milter-0.94-1.1mdv2008.1.i586.rpm
 ff0295e9d76ee583ea0c0fb89b40ba6a  2008.1/i586/clamd-0.94-1.1mdv2008.1.i586.rpm
 4cfb25dc61c3d00d16d443ac8d71c052  2008.1/i586/klamav-0.44-1.1mdv2008.1.i586.rpm
 9abb23ad9e2ec08d6b6148061e7b3e24  2008.1/i586/libclamav5-0.94-1.1mdv2008.1.i586.rpm
 20e9761482e5765c383342ddb643dfb9  2008.1/i586/libclamav-devel-0.94-1.1mdv2008.1.i586.rpm 
 23368e250d024f656f712f5a0b5bc3bc  2008.1/SRPMS/clamav-0.94-1.1mdv2008.1.src.rpm
 51eb63fc4854a6c46825a39402147437  2008.1/SRPMS/klamav-0.44-1.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 d88cf6080b3a47b047eaf3e827be42b1  2008.1/x86_64/clamav-0.94-1.1mdv2008.1.x86_64.rpm
 c321391a081c4984d8d1d4af58fbffbf  2008.1/x86_64/clamav-db-0.94-1.1mdv2008.1.x86_64.rpm
 70de3af2a8328433a6f4d72f61a660f5  2008.1/x86_64/clamav-milter-0.94-1.1mdv2008.1.x86_64.rpm
 4fe6e4e61ed33e410c42a4fdcb2777da  2008.1/x86_64/clamd-0.94-1.1mdv2008.1.x86_64.rpm
 358502ecc7472c604ddf3866babed94c  2008.1/x86_64/klamav-0.44-1.1mdv2008.1.x86_64.rpm
 1bb70d6027a0dcaafe8c912da2564c01  2008.1/x86_64/lib64clamav5-0.94-1.1mdv2008.1.x86_64.rpm
 72a395c410a865baf22039dd818cfb5d  2008.1/x86_64/lib64clamav-devel-0.94-1.1mdv2008.1.x86_64.rpm 
 23368e250d024f656f712f5a0b5bc3bc  2008.1/SRPMS/clamav-0.94-1.1mdv2008.1.src.rpm
 51eb63fc4854a6c46825a39402147437  2008.1/SRPMS/klamav-0.44-1.1mdv2008.1.src.rpm

 Corporate 3.0:
 e93f24829e71cbb4c6973212a4cb5c1d  corporate/3.0/i586/clamav-0.94-0.1.C30mdk.i586.rpm
 01110930b9a011ec3c2b869fd530ca85  corporate/3.0/i586/clamav-db-0.94-0.1.C30mdk.i586.rpm
 8b324ab6f153cd7759970419835c5ba1  corporate/3.0/i586/clamav-milter-0.94-0.1.C30mdk.i586.rpm
 da5919de6d6af23a15f01d2c10395816  corporate/3.0/i586/clamd-0.94-0.1.C30mdk.i586.rpm
 a4744ab31ab50dd4a6d59ef8e2210577  corporate/3.0/i586/libclamav5-0.94-0.1.C30mdk.i586.rpm
 2006ba6b8290823b02845ccca756bda5  corporate/3.0/i586/libclamav-devel-0.94-0.1.C30mdk.i586.rpm 
 df19860c88af93ae2275e4b527bda574  corporate/3.0/SRPMS/clamav-0.94-0.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 061e89b360cb74b9698f0b666b01343e  corporate/3.0/x86_64/clamav-0.94-0.1.C30mdk.x86_64.rpm
 7ec8f85eb723e4b9bd2dca8d5795e126  corporate/3.0/x86_64/clamav-db-0.94-0.1.C30mdk.x86_64.rpm
 f63a221901108574637658fed82f57cf  corporate/3.0/x86_64/clamav-milter-0.94-0.1.C30mdk.x86_64.rpm
 c4c56997738d082e962e861a7405c210  corporate/3.0/x86_64/clamd-0.94-0.1.C30mdk.x86_64.rpm
 c471da2ab426a2577f3888da6bf77df9  corporate/3.0/x86_64/lib64clamav5-0.94-0.1.C30mdk.x86_64.rpm
 041c58953f77a64e20b9edeb1221c73c  corporate/3.0/x86_64/lib64clamav-devel-0.94-0.1.C30mdk.x86_64.rpm 
 df19860c88af93ae2275e4b527bda574  corporate/3.0/SRPMS/clamav-0.94-0.1.C30mdk.src.rpm

 Corporate 4.0:
 84f0a6d8c90804b06c8074cb9a7ab621  corporate/4.0/i586/c-icap-client-210205-5.4.20060mlcs4.i586.rpm
 23afb1e453c7077a251b661d5dea808a  corporate/4.0/i586/c-icap-modules-210205-5.4.20060mlcs4.i586.rpm
 a75af557cae299cd1f8a278edbc9d64d  corporate/4.0/i586/c-icap-server-210205-5.4.20060mlcs4.i586.rpm
 a8edffaa0508064336ee47ea3b7d99be  corporate/4.0/i586/clamav-0.94-0.1.20060mlcs4.i586.rpm
 30dc5ee939826f645dab35982c73573a  corporate/4.0/i586/clamav-db-0.94-0.1.20060mlcs4.i586.rpm
 fd93ef196d826ef6f25cbc6a03b57a19  corporate/4.0/i586/clamav-milter-0.94-0.1.20060mlcs4.i586.rpm
 6e47ad078994176a38981d4f74bd9287  corporate/4.0/i586/clamd-0.94-0.1.20060mlcs4.i586.rpm
 d50fdc2cb0cf4164f285f5ef95765181  corporate/4.0/i586/libc-icap0-210205-5.4.20060mlcs4.i586.rpm
 95c97459c5f13eba7abfc1c596c38b80  corporate/4.0/i586/libc-icap0-devel-210205-5.4.20060mlcs4.i586.rpm
 1c99feb33772166e3df3b75c4df89e1c  corporate/4.0/i586/libclamav5-0.94-0.1.20060mlcs4.i586.rpm
 dd88b657b21629ad8fe1c771342e33ef  corporate/4.0/i586/libclamav-devel-0.94-0.1.20060mlcs4.i586.rpm
 b159933a3ce58f7b391a19ebdf75942b  corporate/4.0/i586/php-clamav-0.12a-8.4.20060mlcs4.i586.rpm 
 62d716a3300fb873d47434d641f4f7ad  corporate/4.0/SRPMS/c-icap-210205-5.4.20060mlcs4.src.rpm
 dd77e56abc4257fb59763d82d3117298  corporate/4.0/SRPMS/clamav-0.94-0.1.20060mlcs4.src.rpm
 bd5a8bd48df696c6418005569e4d1507  corporate/4.0/SRPMS/php-clamav-0.12a-8.4.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 6e8ff3ecc2727cb734bcf68180a3fb4c  corporate/4.0/x86_64/c-icap-client-210205-5.4.20060mlcs4.x86_64.rpm
 f3d8f2f3bd1042d689270bf00ef3f252  corporate/4.0/x86_64/c-icap-modules-210205-5.4.20060mlcs4.x86_64.rpm
 f5a52f8c00b6d80f69f93ec0fe87de26  corporate/4.0/x86_64/c-icap-server-210205-5.4.20060mlcs4.x86_64.rpm
 276bb5c9a8aec3e352c355afa0481c72  corporate/4.0/x86_64/clamav-0.94-0.1.20060mlcs4.x86_64.rpm
 f4f71f69e34638e62b1c04697dc05bac  corporate/4.0/x86_64/clamav-db-0.94-0.1.20060mlcs4.x86_64.rpm
 6dc12eff63f75ea48f2451f59698fba1  corporate/4.0/x86_64/clamav-milter-0.94-0.1.20060mlcs4.x86_64.rpm
 3cd934074f8d9154f7056e89ba431fde  corporate/4.0/x86_64/clamd-0.94-0.1.20060mlcs4.x86_64.rpm
 4e5bd806c6d28ccf575041515c39b3bd  corporate/4.0/x86_64/lib64c-icap0-210205-5.4.20060mlcs4.x86_64.rpm
 5f81b7013bc43fca8d9d3a3e9f7373c9  corporate/4.0/x86_64/lib64c-icap0-devel-210205-5.4.20060mlcs4.x86_64.rpm
 fa45fbd491723c28d3a431d75d98391b  corporate/4.0/x86_64/lib64clamav5-0.94-0.1.20060mlcs4.x86_64.rpm
 199b59888f0db12c05a669d0d9f12688  corporate/4.0/x86_64/lib64clamav-devel-0.94-0.1.20060mlcs4.x86_64.rpm
 dc9a2900fa35e6eed3b65fead293b161  corporate/4.0/x86_64/php-clamav-0.12a-8.4.20060mlcs4.x86_64.rpm 
 62d716a3300fb873d47434d641f4f7ad  corporate/4.0/SRPMS/c-icap-210205-5.4.20060mlcs4.src.rpm
 dd77e56abc4257fb59763d82d3117298  corporate/4.0/SRPMS/clamav-0.94-0.1.20060mlcs4.src.rpm
 bd5a8bd48df696c6418005569e4d1507  corporate/4.0/SRPMS/php-clamav-0.12a-8.4.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIxyZYmqjQ0CJFipgRAjkUAJ4qLTbQKMwCijUO8yt3hZeKPIZxsQCfQuKL
s8pgnFPooN4iKraqvbGh3cA=
=TNvu
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ