lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1GZxOm-00076M-U8@mercury.mandriva.com>
Date: Tue, 17 Oct 2006 16:27:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2006:184 ] - Updated clamav packages fix
	vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:184
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : clamav
 Date    : October 17, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 An integer overflow in previous versions of ClamAV could allow a remote
 attacker to cause a Denial of Service (scanning service crash) and
 execute arbitrary code via a Portable Executable (PE) file
 (CVE-2006-4182).

 Another vulnerability could allow a remote attacker to cause a DoS via
 a crafted compressed HTML (CHM) file that causes ClamAV to read an
 invalid memory location (CVE-2006-5295).

 These issues are corrected in ClamAV 0.88.5 which is provided with this
 update.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4182
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5295
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 7257c6d81308efe7ef181575b87ec174  2006.0/i586/clamav-0.88.5-0.1.20060mdk.i586.rpm
 d0d67d3e7532642e12f6cea52ec8e363  2006.0/i586/clamav-db-0.88.5-0.1.20060mdk.i586.rpm
 d304e0ffb807bb475e79b237809c46a2  2006.0/i586/clamav-milter-0.88.5-0.1.20060mdk.i586.rpm
 a0660e5fb904772f52bdb50d7a6766fb  2006.0/i586/clamd-0.88.5-0.1.20060mdk.i586.rpm
 36f0e822513b958144cd4105c706862b  2006.0/i586/libclamav1-0.88.5-0.1.20060mdk.i586.rpm
 a5c42f7006936f045ee0ee46b089f0ee  2006.0/i586/libclamav1-devel-0.88.5-0.1.20060mdk.i586.rpm 
 cc16fc225d1d56d0595874228cd8070b  2006.0/SRPMS/clamav-0.88.5-0.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 1ee38fa91df468c30a0b8c071f473fc0  2006.0/x86_64/clamav-0.88.5-0.1.20060mdk.x86_64.rpm
 9a1f38a560272945495b4b05cb94578b  2006.0/x86_64/clamav-db-0.88.5-0.1.20060mdk.x86_64.rpm
 c35c88d15873ad4ce7a05b743b6842b4  2006.0/x86_64/clamav-milter-0.88.5-0.1.20060mdk.x86_64.rpm
 1cd4471b8a3319047625662d1ac07ba4  2006.0/x86_64/clamd-0.88.5-0.1.20060mdk.x86_64.rpm
 f4e78be55de9eb6fb235248cbff62f36  2006.0/x86_64/lib64clamav1-0.88.5-0.1.20060mdk.x86_64.rpm
 a3e754c122085472bcb693ca31f161c7  2006.0/x86_64/lib64clamav1-devel-0.88.5-0.1.20060mdk.x86_64.rpm 
 cc16fc225d1d56d0595874228cd8070b  2006.0/SRPMS/clamav-0.88.5-0.1.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 8432a3683591374c2e9ad286ce6ceb70  2007.0/i586/clamav-0.88.5-1.1mdv2007.0.i586.rpm
 2e9e1fb63f250ca953fe06d066968b88  2007.0/i586/clamav-db-0.88.5-1.1mdv2007.0.i586.rpm
 e76fc6017f13f8de7927be403d077510  2007.0/i586/clamav-milter-0.88.5-1.1mdv2007.0.i586.rpm
 74742fc0f062e71dc23af86fcac8a253  2007.0/i586/clamd-0.88.5-1.1mdv2007.0.i586.rpm
 226952cb531ea0fa12347a464714e409  2007.0/i586/libclamav1-0.88.5-1.1mdv2007.0.i586.rpm
 8d8bd491ed7dd5be480656d205f8ca69  2007.0/i586/libclamav1-devel-0.88.5-1.1mdv2007.0.i586.rpm 
 b1473a05737ecf0bf7d4d3ccdb8bbe21  2007.0/SRPMS/clamav-0.88.5-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 ec998ee65a8c0277446dcf901abbd901  2007.0/x86_64/clamav-0.88.5-1.1mdv2007.0.x86_64.rpm
 27a2344aa2a12f4675b5603c80afbbf8  2007.0/x86_64/clamav-db-0.88.5-1.1mdv2007.0.x86_64.rpm
 e9107857a1f585ebe285b12656833a00  2007.0/x86_64/clamav-milter-0.88.5-1.1mdv2007.0.x86_64.rpm
 cb15222f0d1af2f030defd8fad981a53  2007.0/x86_64/clamd-0.88.5-1.1mdv2007.0.x86_64.rpm
 fff09c60e23b76a5d56cf0408309b920  2007.0/x86_64/lib64clamav1-0.88.5-1.1mdv2007.0.x86_64.rpm
 54a9559d2577bf834ddb2d269d4da1f4  2007.0/x86_64/lib64clamav1-devel-0.88.5-1.1mdv2007.0.x86_64.rpm 
 b1473a05737ecf0bf7d4d3ccdb8bbe21  2007.0/SRPMS/clamav-0.88.5-1.1mdv2007.0.src.rpm

 Corporate 3.0:
 68f85c25ebbe918bad56cedcf995a189  corporate/3.0/i586/clamav-0.88.5-0.1.C30mdk.i586.rpm
 f0079a03a83690746c47eaac22a58585  corporate/3.0/i586/clamav-db-0.88.5-0.1.C30mdk.i586.rpm
 c27d329d0801f0c7d164c0e569c68e2b  corporate/3.0/i586/clamav-milter-0.88.5-0.1.C30mdk.i586.rpm
 df44fa4ceda48f1cf7c3053ee1891e65  corporate/3.0/i586/clamd-0.88.5-0.1.C30mdk.i586.rpm
 f1e11299f2083a1a52b68bf0ee89037a  corporate/3.0/i586/libclamav1-0.88.5-0.1.C30mdk.i586.rpm
 6b2fe309926b86b83ca29b76ad611672  corporate/3.0/i586/libclamav1-devel-0.88.5-0.1.C30mdk.i586.rpm 
 683a0d9c4efe743a6cc9d07b818f067a  corporate/3.0/SRPMS/clamav-0.88.5-0.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 b3544b024bf20115b62d3d209c5bc087  corporate/3.0/x86_64/clamav-0.88.5-0.1.C30mdk.x86_64.rpm
 03a9fddd95374f6f77dff6cca8b99524  corporate/3.0/x86_64/clamav-db-0.88.5-0.1.C30mdk.x86_64.rpm
 810a7025eff37a6a1382299dd643eb7d  corporate/3.0/x86_64/clamav-milter-0.88.5-0.1.C30mdk.x86_64.rpm
 70ac3e42511e94348f7abc519a33b486  corporate/3.0/x86_64/clamd-0.88.5-0.1.C30mdk.x86_64.rpm
 b73cc847f492ebaeb4be946eeafb8727  corporate/3.0/x86_64/lib64clamav1-0.88.5-0.1.C30mdk.x86_64.rpm
 13ae64b28effa69f671d1ba15f66ad36  corporate/3.0/x86_64/lib64clamav1-devel-0.88.5-0.1.C30mdk.x86_64.rpm 
 683a0d9c4efe743a6cc9d07b818f067a  corporate/3.0/SRPMS/clamav-0.88.5-0.1.C30mdk.src.rpm

 Corporate 4.0:
 08675f7f9190ece69a25710adaecf4f7  corporate/4.0/i586/clamav-0.88.5-0.1.20060mlcs4.i586.rpm
 25334fa761a4fabdf54a58e7b0f816c9  corporate/4.0/i586/clamav-db-0.88.5-0.1.20060mlcs4.i586.rpm
 eb2f5b811c13df00bcb6d8cbd48ddd56  corporate/4.0/i586/clamav-milter-0.88.5-0.1.20060mlcs4.i586.rpm
 136398c2a827e64e9090fb54d09038af  corporate/4.0/i586/clamd-0.88.5-0.1.20060mlcs4.i586.rpm
 ce07174bf64d73244eece879a30cbd24  corporate/4.0/i586/libclamav1-0.88.5-0.1.20060mlcs4.i586.rpm
 2ab18a6b380c61528afc8300c63ce69a  corporate/4.0/i586/libclamav1-devel-0.88.5-0.1.20060mlcs4.i586.rpm 
 f4cb68b37b1866f70520881d89fd3718  corporate/4.0/SRPMS/clamav-0.88.5-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 6b08a2c1b74209be1b2eb024f868687f  corporate/4.0/x86_64/clamav-0.88.5-0.1.20060mlcs4.x86_64.rpm
 2b566bb7262e0d81c8443953d974c69f  corporate/4.0/x86_64/clamav-db-0.88.5-0.1.20060mlcs4.x86_64.rpm
 6d16860abac0a7fb31992ca3ef21052c  corporate/4.0/x86_64/clamav-milter-0.88.5-0.1.20060mlcs4.x86_64.rpm
 eab31907b6561495acb164328c272ce0  corporate/4.0/x86_64/clamd-0.88.5-0.1.20060mlcs4.x86_64.rpm
 7a260e2c3a524d259027c8e54c63adb4  corporate/4.0/x86_64/lib64clamav1-0.88.5-0.1.20060mlcs4.x86_64.rpm
 3ba6065a13cfd18d7b73366872ea8ccd  corporate/4.0/x86_64/lib64clamav1-devel-0.88.5-0.1.20060mlcs4.x86_64.rpm 
 f4cb68b37b1866f70520881d89fd3718  corporate/4.0/SRPMS/clamav-0.88.5-0.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFNSuKmqjQ0CJFipgRAisVAKDL332h+poNjniQ+sr0FoGO9Zx7LQCgjQx9
6FE0xddk5MrCZvz/NulZeGk=
=VdLo
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ