| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Oct 2006 16:27:00 -0600 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDKSA-2006:184 ] - Updated clamav packages fix vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:184 http://www.mandriva.com/security/ _______________________________________________________________________ Package : clamav Date : October 17, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: An integer overflow in previous versions of ClamAV could allow a remote attacker to cause a Denial of Service (scanning service crash) and execute arbitrary code via a Portable Executable (PE) file (CVE-2006-4182). Another vulnerability could allow a remote attacker to cause a DoS via a crafted compressed HTML (CHM) file that causes ClamAV to read an invalid memory location (CVE-2006-5295). These issues are corrected in ClamAV 0.88.5 which is provided with this update. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5295 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: 7257c6d81308efe7ef181575b87ec174 2006.0/i586/clamav-0.88.5-0.1.20060mdk.i586.rpm d0d67d3e7532642e12f6cea52ec8e363 2006.0/i586/clamav-db-0.88.5-0.1.20060mdk.i586.rpm d304e0ffb807bb475e79b237809c46a2 2006.0/i586/clamav-milter-0.88.5-0.1.20060mdk.i586.rpm a0660e5fb904772f52bdb50d7a6766fb 2006.0/i586/clamd-0.88.5-0.1.20060mdk.i586.rpm 36f0e822513b958144cd4105c706862b 2006.0/i586/libclamav1-0.88.5-0.1.20060mdk.i586.rpm a5c42f7006936f045ee0ee46b089f0ee 2006.0/i586/libclamav1-devel-0.88.5-0.1.20060mdk.i586.rpm cc16fc225d1d56d0595874228cd8070b 2006.0/SRPMS/clamav-0.88.5-0.1.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 1ee38fa91df468c30a0b8c071f473fc0 2006.0/x86_64/clamav-0.88.5-0.1.20060mdk.x86_64.rpm 9a1f38a560272945495b4b05cb94578b 2006.0/x86_64/clamav-db-0.88.5-0.1.20060mdk.x86_64.rpm c35c88d15873ad4ce7a05b743b6842b4 2006.0/x86_64/clamav-milter-0.88.5-0.1.20060mdk.x86_64.rpm 1cd4471b8a3319047625662d1ac07ba4 2006.0/x86_64/clamd-0.88.5-0.1.20060mdk.x86_64.rpm f4e78be55de9eb6fb235248cbff62f36 2006.0/x86_64/lib64clamav1-0.88.5-0.1.20060mdk.x86_64.rpm a3e754c122085472bcb693ca31f161c7 2006.0/x86_64/lib64clamav1-devel-0.88.5-0.1.20060mdk.x86_64.rpm cc16fc225d1d56d0595874228cd8070b 2006.0/SRPMS/clamav-0.88.5-0.1.20060mdk.src.rpm Mandriva Linux 2007.0: 8432a3683591374c2e9ad286ce6ceb70 2007.0/i586/clamav-0.88.5-1.1mdv2007.0.i586.rpm 2e9e1fb63f250ca953fe06d066968b88 2007.0/i586/clamav-db-0.88.5-1.1mdv2007.0.i586.rpm e76fc6017f13f8de7927be403d077510 2007.0/i586/clamav-milter-0.88.5-1.1mdv2007.0.i586.rpm 74742fc0f062e71dc23af86fcac8a253 2007.0/i586/clamd-0.88.5-1.1mdv2007.0.i586.rpm 226952cb531ea0fa12347a464714e409 2007.0/i586/libclamav1-0.88.5-1.1mdv2007.0.i586.rpm 8d8bd491ed7dd5be480656d205f8ca69 2007.0/i586/libclamav1-devel-0.88.5-1.1mdv2007.0.i586.rpm b1473a05737ecf0bf7d4d3ccdb8bbe21 2007.0/SRPMS/clamav-0.88.5-1.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: ec998ee65a8c0277446dcf901abbd901 2007.0/x86_64/clamav-0.88.5-1.1mdv2007.0.x86_64.rpm 27a2344aa2a12f4675b5603c80afbbf8 2007.0/x86_64/clamav-db-0.88.5-1.1mdv2007.0.x86_64.rpm e9107857a1f585ebe285b12656833a00 2007.0/x86_64/clamav-milter-0.88.5-1.1mdv2007.0.x86_64.rpm cb15222f0d1af2f030defd8fad981a53 2007.0/x86_64/clamd-0.88.5-1.1mdv2007.0.x86_64.rpm fff09c60e23b76a5d56cf0408309b920 2007.0/x86_64/lib64clamav1-0.88.5-1.1mdv2007.0.x86_64.rpm 54a9559d2577bf834ddb2d269d4da1f4 2007.0/x86_64/lib64clamav1-devel-0.88.5-1.1mdv2007.0.x86_64.rpm b1473a05737ecf0bf7d4d3ccdb8bbe21 2007.0/SRPMS/clamav-0.88.5-1.1mdv2007.0.src.rpm Corporate 3.0: 68f85c25ebbe918bad56cedcf995a189 corporate/3.0/i586/clamav-0.88.5-0.1.C30mdk.i586.rpm f0079a03a83690746c47eaac22a58585 corporate/3.0/i586/clamav-db-0.88.5-0.1.C30mdk.i586.rpm c27d329d0801f0c7d164c0e569c68e2b corporate/3.0/i586/clamav-milter-0.88.5-0.1.C30mdk.i586.rpm df44fa4ceda48f1cf7c3053ee1891e65 corporate/3.0/i586/clamd-0.88.5-0.1.C30mdk.i586.rpm f1e11299f2083a1a52b68bf0ee89037a corporate/3.0/i586/libclamav1-0.88.5-0.1.C30mdk.i586.rpm 6b2fe309926b86b83ca29b76ad611672 corporate/3.0/i586/libclamav1-devel-0.88.5-0.1.C30mdk.i586.rpm 683a0d9c4efe743a6cc9d07b818f067a corporate/3.0/SRPMS/clamav-0.88.5-0.1.C30mdk.src.rpm Corporate 3.0/X86_64: b3544b024bf20115b62d3d209c5bc087 corporate/3.0/x86_64/clamav-0.88.5-0.1.C30mdk.x86_64.rpm 03a9fddd95374f6f77dff6cca8b99524 corporate/3.0/x86_64/clamav-db-0.88.5-0.1.C30mdk.x86_64.rpm 810a7025eff37a6a1382299dd643eb7d corporate/3.0/x86_64/clamav-milter-0.88.5-0.1.C30mdk.x86_64.rpm 70ac3e42511e94348f7abc519a33b486 corporate/3.0/x86_64/clamd-0.88.5-0.1.C30mdk.x86_64.rpm b73cc847f492ebaeb4be946eeafb8727 corporate/3.0/x86_64/lib64clamav1-0.88.5-0.1.C30mdk.x86_64.rpm 13ae64b28effa69f671d1ba15f66ad36 corporate/3.0/x86_64/lib64clamav1-devel-0.88.5-0.1.C30mdk.x86_64.rpm 683a0d9c4efe743a6cc9d07b818f067a corporate/3.0/SRPMS/clamav-0.88.5-0.1.C30mdk.src.rpm Corporate 4.0: 08675f7f9190ece69a25710adaecf4f7 corporate/4.0/i586/clamav-0.88.5-0.1.20060mlcs4.i586.rpm 25334fa761a4fabdf54a58e7b0f816c9 corporate/4.0/i586/clamav-db-0.88.5-0.1.20060mlcs4.i586.rpm eb2f5b811c13df00bcb6d8cbd48ddd56 corporate/4.0/i586/clamav-milter-0.88.5-0.1.20060mlcs4.i586.rpm 136398c2a827e64e9090fb54d09038af corporate/4.0/i586/clamd-0.88.5-0.1.20060mlcs4.i586.rpm ce07174bf64d73244eece879a30cbd24 corporate/4.0/i586/libclamav1-0.88.5-0.1.20060mlcs4.i586.rpm 2ab18a6b380c61528afc8300c63ce69a corporate/4.0/i586/libclamav1-devel-0.88.5-0.1.20060mlcs4.i586.rpm f4cb68b37b1866f70520881d89fd3718 corporate/4.0/SRPMS/clamav-0.88.5-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 6b08a2c1b74209be1b2eb024f868687f corporate/4.0/x86_64/clamav-0.88.5-0.1.20060mlcs4.x86_64.rpm 2b566bb7262e0d81c8443953d974c69f corporate/4.0/x86_64/clamav-db-0.88.5-0.1.20060mlcs4.x86_64.rpm 6d16860abac0a7fb31992ca3ef21052c corporate/4.0/x86_64/clamav-milter-0.88.5-0.1.20060mlcs4.x86_64.rpm eab31907b6561495acb164328c272ce0 corporate/4.0/x86_64/clamd-0.88.5-0.1.20060mlcs4.x86_64.rpm 7a260e2c3a524d259027c8e54c63adb4 corporate/4.0/x86_64/lib64clamav1-0.88.5-0.1.20060mlcs4.x86_64.rpm 3ba6065a13cfd18d7b73366872ea8ccd corporate/4.0/x86_64/lib64clamav1-devel-0.88.5-0.1.20060mlcs4.x86_64.rpm f4cb68b37b1866f70520881d89fd3718 corporate/4.0/SRPMS/clamav-0.88.5-0.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFNSuKmqjQ0CJFipgRAisVAKDL332h+poNjniQ+sr0FoGO9Zx7LQCgjQx9 6FE0xddk5MrCZvz/NulZeGk= =VdLo -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists