Message-Id: <E1HlZDr-0000kU-N1@artemis.annvix.ca>
Date: Tue, 08 May 2007 17:35:59 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:098 ] - Updated clamav packages fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:098
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : clamav
 Date    : May 8, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 iDefense discovered a stack-based overflow in ClamAV when processing
 negative values in .cab files.  Multiple file descriptor leaks were
 also reported and fixed in chmunpack.c, pdf.c, and dblock.c.
 
 This update provides ClamAV 0.90.2 which corrects these problems and
 provides new functionality.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1745
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1997
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2029
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGQN3vmqjQ0CJFipgRAvW0AJ41MvnKYdVhQ/88XubBD+9/ojK9CwCg81SP
VBiIWZmqOEKz0iYWl0EVTNA=
=ydtv
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
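
Added illustration, not part of the advisory and not ClamAV's code: the advisory says only that the .cab overflow involves "negative values", so this shows the general bug class (a signed length field that passes an upper-bound-only check) beside a hardened check. The record layout, function names and sample bytes are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_MAX 64  /* capacity of the fixed-size destination buffer */

/* Constructed records: 4-byte little-endian signed length, then payload. */
static const unsigned char NEG_RECORD[]   = {0xf0, 0xff, 0xff, 0xff, 'x'};  /* length -16 */
static const unsigned char GOOD_RECORD[]  = {0x03, 0x00, 0x00, 0x00, 'a', 'b', 'c'};
static const unsigned char SHORT_RECORD[] = {0x0a, 0x00, 0x00, 0x00, 'a'};  /* claims 10, has 1 */
static unsigned char out[BLOCK_MAX];

static int32_t read_le32(const unsigned char *p) {
    uint32_t v = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                 (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return (int32_t)v;  /* two's-complement reinterpretation, as on common ABIs */
}

/* Flawed check: only the upper bound is tested, so any negative length passes. */
static int flawed_len_ok(int32_t len) { return len <= BLOCK_MAX; }

/* What a copy routine receives once the signed length is converted to size_t. */
static size_t as_copy_size(int32_t len) { return (size_t)len; }

/* Hardened copy: returns bytes copied, or -1 if the length field is rejected. */
static int copy_block(unsigned char *dst, size_t cap,
                      const unsigned char *rec, size_t rec_len) {
    if (rec_len < 4) return -1;                 /* no room for the length field */
    int32_t len = read_le32(rec);
    if (len < 0) return -1;                     /* negative length */
    if ((size_t)len > cap) return -1;           /* exceeds destination */
    if ((size_t)len > rec_len - 4) return -1;   /* exceeds remaining input */
    memcpy(dst, rec + 4, (size_t)len);
    return (int)len;
}

int main(void) {
    int32_t len = read_le32(NEG_RECORD);
    printf("len=%d flawed_ok=%d copy_size=%zu\n",
           (int)len, flawed_len_ok(len), as_copy_size(len));
    printf("hardened: neg=%d good=%d short=%d\n",
           copy_block(out, sizeof out, NEG_RECORD, sizeof NEG_RECORD),
           copy_block(out, sizeof out, GOOD_RECORD, sizeof GOOD_RECORD),
           copy_block(out, sizeof out, SHORT_RECORD, sizeof SHORT_RECORD));
    return 0;
}
```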
