lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1HvNW7-0007XK-5f@artemis.annvix.ca>
Date: Mon, 04 Jun 2007 19:07:23 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:115 ] - Updated clamav packages fix
	vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:115
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : clamav
 Date    : June 4, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in the OLE2 parser in ClamAV was found that could
 allow a remote attacker to cause a denial of service via resource
 consumption with a carefully crafted OLE2 file.
 
 Other vulnerabilities and bugs have also been corrected in 0.90.3
 which is being provided with this update.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2650
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 8f807a16b18ddd17fdcbbf563f0b225c  2007.0/i586/clamav-0.90.3-0.1mdv2007.0.i586.rpm
 afcb2de5f26cc1fc07499cea6e5f4ffd  2007.0/i586/clamav-db-0.90.3-0.1mdv2007.0.i586.rpm
 3ea7af875ea79a1efb2aec03e4e70e7e  2007.0/i586/clamav-milter-0.90.3-0.1mdv2007.0.i586.rpm
 498a8e05cb31451382562c22dd8c6ca8  2007.0/i586/clamd-0.90.3-0.1mdv2007.0.i586.rpm
 90cecf4adbf717672b54e5a18250447d  2007.0/i586/clamdmon-0.90.3-0.1mdv2007.0.i586.rpm
 4c2b036b761d67aef27349f3bf6de11d  2007.0/i586/libclamav2-0.90.3-0.1mdv2007.0.i586.rpm
 667c354d70642e8663edd469506fb488  2007.0/i586/libclamav2-devel-0.90.3-0.1mdv2007.0.i586.rpm 
 e472e368da522072b20a7773f4db5d22  2007.0/SRPMS/clamav-0.90.3-0.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 15636a6d8f3fd6537350b0a1b67741c3  2007.0/x86_64/clamav-0.90.3-0.1mdv2007.0.x86_64.rpm
 097ede19d694a7f2d8d103bd16f9864b  2007.0/x86_64/clamav-db-0.90.3-0.1mdv2007.0.x86_64.rpm
 68ebe1e39a0b25211e6c9dbeddcdefa6  2007.0/x86_64/clamav-milter-0.90.3-0.1mdv2007.0.x86_64.rpm
 f0bd264bfdadc816759a438308b82cd7  2007.0/x86_64/clamd-0.90.3-0.1mdv2007.0.x86_64.rpm
 30b6eb173aa40c39b6cd191433387a26  2007.0/x86_64/clamdmon-0.90.3-0.1mdv2007.0.x86_64.rpm
 5164562d6affcacc64ade14d3acd23cd  2007.0/x86_64/lib64clamav2-0.90.3-0.1mdv2007.0.x86_64.rpm
 b86a1162638401a101a08b52689df150  2007.0/x86_64/lib64clamav2-devel-0.90.3-0.1mdv2007.0.x86_64.rpm 
 e472e368da522072b20a7773f4db5d22  2007.0/SRPMS/clamav-0.90.3-0.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 378ad782e37e018e1e553d7c351ea358  2007.1/i586/clamav-0.90.3-0.1mdv2007.1.i586.rpm
 d083214002090ae15d36c9463c78c29c  2007.1/i586/clamav-db-0.90.3-0.1mdv2007.1.i586.rpm
 5316d47473a5c284f40fdb21c08b9d28  2007.1/i586/clamav-milter-0.90.3-0.1mdv2007.1.i586.rpm
 ff430af11f2ba37bbcb521f93d71030a  2007.1/i586/clamd-0.90.3-0.1mdv2007.1.i586.rpm
 ab9cac6d55dc192b5ffcaa5f356f6821  2007.1/i586/clamdmon-0.90.3-0.1mdv2007.1.i586.rpm
 06daf5c409b7931ca02e88f85048225a  2007.1/i586/libclamav2-0.90.3-0.1mdv2007.1.i586.rpm
 eb59ec3314ae85a0a2c400d725c1d984  2007.1/i586/libclamav2-devel-0.90.3-0.1mdv2007.1.i586.rpm 
 22132cc15d14520edd635019d06b874e  2007.1/SRPMS/clamav-0.90.3-0.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 03d79b409aa5c87570222a600ac92915  2007.1/x86_64/clamav-0.90.3-0.1mdv2007.1.x86_64.rpm
 7cb3f180fa1bfc6cdaae4a7ae4088dc2  2007.1/x86_64/clamav-db-0.90.3-0.1mdv2007.1.x86_64.rpm
 850deaafd4bb64b4c6a35772fffbd369  2007.1/x86_64/clamav-milter-0.90.3-0.1mdv2007.1.x86_64.rpm
 9f3e3f88497ce3b769f5f6f7e05fd8ca  2007.1/x86_64/clamd-0.90.3-0.1mdv2007.1.x86_64.rpm
 6f38934bee43286ecf2b8f7049c6dd1f  2007.1/x86_64/clamdmon-0.90.3-0.1mdv2007.1.x86_64.rpm
 94f315377e8f33b936fff253eaa4e847  2007.1/x86_64/lib64clamav2-0.90.3-0.1mdv2007.1.x86_64.rpm
 c7c1458f005b09c23bb2affb7b9aae0c  2007.1/x86_64/lib64clamav2-devel-0.90.3-0.1mdv2007.1.x86_64.rpm 
 22132cc15d14520edd635019d06b874e  2007.1/SRPMS/clamav-0.90.3-0.1mdv2007.1.src.rpm

 Corporate 3.0:
 d173ea9451a336aa56e834f1cd3d4882  corporate/3.0/i586/clamav-0.90.3-0.1.C30mdk.i586.rpm
 2694fbbd622a5b312a523bc16993ff1c  corporate/3.0/i586/clamav-db-0.90.3-0.1.C30mdk.i586.rpm
 647afdc7fcec85cc9190e2680b35000c  corporate/3.0/i586/clamav-milter-0.90.3-0.1.C30mdk.i586.rpm
 2646c5e3f81c8d0b35229205bbba5344  corporate/3.0/i586/clamd-0.90.3-0.1.C30mdk.i586.rpm
 bfd73b522c6d7cda7e7dd995a6e7e79b  corporate/3.0/i586/clamdmon-0.90.3-0.1.C30mdk.i586.rpm
 aeca41b4f44f1f7ccbee306816f34259  corporate/3.0/i586/libclamav2-0.90.3-0.1.C30mdk.i586.rpm
 78e8398b8f4b8663b0a0684acd6bd938  corporate/3.0/i586/libclamav2-devel-0.90.3-0.1.C30mdk.i586.rpm 
 3bdca91be114543785b82ff8da904c16  corporate/3.0/SRPMS/clamav-0.90.3-0.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 9d3ee2af6dbb5595bdbb1db33344bda5  corporate/3.0/x86_64/clamav-0.90.3-0.1.C30mdk.x86_64.rpm
 22b70bcf86a90f84702f722a5eb5dbf1  corporate/3.0/x86_64/clamav-db-0.90.3-0.1.C30mdk.x86_64.rpm
 6b9e3874400f1417318cac606a13bdec  corporate/3.0/x86_64/clamav-milter-0.90.3-0.1.C30mdk.x86_64.rpm
 e18e2aab82234f1d6c4441e20fea15f0  corporate/3.0/x86_64/clamd-0.90.3-0.1.C30mdk.x86_64.rpm
 0deb01240f12850c04b68e1b664fbb6a  corporate/3.0/x86_64/clamdmon-0.90.3-0.1.C30mdk.x86_64.rpm
 e47416fc1e17beb2b99b804181272c79  corporate/3.0/x86_64/lib64clamav2-0.90.3-0.1.C30mdk.x86_64.rpm
 5c90229eb99e94aa932fb33290ec555b  corporate/3.0/x86_64/lib64clamav2-devel-0.90.3-0.1.C30mdk.x86_64.rpm 
 3bdca91be114543785b82ff8da904c16  corporate/3.0/SRPMS/clamav-0.90.3-0.1.C30mdk.src.rpm

 Corporate 4.0:
 a21c2b1fb87e9fffacd85820727e2ffe  corporate/4.0/i586/clamav-0.90.3-0.1.20060mlcs4.i586.rpm
 a7ae50da3c78dde47323fec240aa36d3  corporate/4.0/i586/clamav-db-0.90.3-0.1.20060mlcs4.i586.rpm
 8ec25cea1228b0ba1bf15c9eea095de3  corporate/4.0/i586/clamav-milter-0.90.3-0.1.20060mlcs4.i586.rpm
 c8dfe521c3578b1df2d1e0a2c5e71e4f  corporate/4.0/i586/clamd-0.90.3-0.1.20060mlcs4.i586.rpm
 32dfdd00de21829792926c8c004f3cde  corporate/4.0/i586/clamdmon-0.90.3-0.1.20060mlcs4.i586.rpm
 23849d5c8ab87ba99e746e4b3f28542c  corporate/4.0/i586/libclamav2-0.90.3-0.1.20060mlcs4.i586.rpm
 8fc0841ab5d68e340e1fbe1289b407bb  corporate/4.0/i586/libclamav2-devel-0.90.3-0.1.20060mlcs4.i586.rpm 
 0b3f79671ad392182f4dbc810862565f  corporate/4.0/SRPMS/clamav-0.90.3-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 8ad7c2d47152f95df1a85603bed0ed6f  corporate/4.0/x86_64/clamav-0.90.3-0.1.20060mlcs4.x86_64.rpm
 ee676819dcdcc147f4464892751113a6  corporate/4.0/x86_64/clamav-db-0.90.3-0.1.20060mlcs4.x86_64.rpm
 4e6f85c45c5acad11628a2f6246ddd7c  corporate/4.0/x86_64/clamav-milter-0.90.3-0.1.20060mlcs4.x86_64.rpm
 a1fe3eb1c616bd40f0d289a1ba17969d  corporate/4.0/x86_64/clamd-0.90.3-0.1.20060mlcs4.x86_64.rpm
 d982b68a08dd7937518a2586ec01f0d7  corporate/4.0/x86_64/clamdmon-0.90.3-0.1.20060mlcs4.x86_64.rpm
 31b0aa61a5c53209d9958b99118fbc44  corporate/4.0/x86_64/lib64clamav2-0.90.3-0.1.20060mlcs4.x86_64.rpm
 dc14036a8b0862eff5db9da5f6622c87  corporate/4.0/x86_64/lib64clamav2-devel-0.90.3-0.1.20060mlcs4.x86_64.rpm 
 0b3f79671ad392182f4dbc810862565f  corporate/4.0/SRPMS/clamav-0.90.3-0.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGZIvVmqjQ0CJFipgRAqKFAJ9NN5N1g9d5BVPImqTEpuNLuCWE3gCgnQZH
nA89R8r/ADEJybA3wf+crQ0=
=Y8wF
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ