lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1KBE0j-0004Ru-5i@titan.mandriva.com>
Date: Tue, 24 Jun 2008 13:17:01 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:122 ] - Updated clamav packages fix
	vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:122
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : clamav
 Date    : June 24, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability was discovered in ClamAV and corrected with the
 0.93.1 release:
 
 libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers
 to cause a denial of service via a crafted Petite file that triggers
 an out-of-bounds read. (CVE-2008-2713)
 
 Other bugs have also been corrected in 0.93.1 which is being provided
 with this update.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2713
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 d6e6d5fd080ce50027ef69af38f44a50  2007.1/i586/clamav-0.93.1-1.1mdv2007.1.i586.rpm
 91e412d5f2b30b49fddb09104ddf6bad  2007.1/i586/clamav-db-0.93.1-1.1mdv2007.1.i586.rpm
 c396b6cced87ba57938da86a79e63469  2007.1/i586/clamav-milter-0.93.1-1.1mdv2007.1.i586.rpm
 d79020b041aa6a7956348c799f0e0f8b  2007.1/i586/clamd-0.93.1-1.1mdv2007.1.i586.rpm
 b4c74f702d97e569c4ac3350b5216246  2007.1/i586/libclamav4-0.93.1-1.1mdv2007.1.i586.rpm
 9481877bd226e02ea263df47535d685f  2007.1/i586/libclamav-devel-0.93.1-1.1mdv2007.1.i586.rpm 
 bfeb68ce738cc1c44c89e2e84774a7f6  2007.1/SRPMS/clamav-0.93.1-1.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 dc70398b743d54094b2c9307686de01d  2007.1/x86_64/clamav-0.93.1-1.1mdv2007.1.x86_64.rpm
 5860690f58edb1c7f0a78a46fbb881ed  2007.1/x86_64/clamav-db-0.93.1-1.1mdv2007.1.x86_64.rpm
 a23d6ad5a58dab98d12c93e95d1fdfe9  2007.1/x86_64/clamav-milter-0.93.1-1.1mdv2007.1.x86_64.rpm
 e3be58ba2ce45b05274471a177ef2c6b  2007.1/x86_64/clamd-0.93.1-1.1mdv2007.1.x86_64.rpm
 0f747e4fe79afc573c739cfc4fba3604  2007.1/x86_64/lib64clamav4-0.93.1-1.1mdv2007.1.x86_64.rpm
 d7e202d2f083f1a7672380486eddb63f  2007.1/x86_64/lib64clamav-devel-0.93.1-1.1mdv2007.1.x86_64.rpm 
 bfeb68ce738cc1c44c89e2e84774a7f6  2007.1/SRPMS/clamav-0.93.1-1.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 58ebbfd98e8a588581fe00ecb872fc27  2008.0/i586/clamav-0.93.1-1.1mdv2008.0.i586.rpm
 33b0fdde3505f6a3e64790ae8d49c131  2008.0/i586/clamav-db-0.93.1-1.1mdv2008.0.i586.rpm
 318c705eadeb8d0ae72fb997b1b652d9  2008.0/i586/clamav-milter-0.93.1-1.1mdv2008.0.i586.rpm
 a5bcba636bc5a0abb93a6bb62f9666dc  2008.0/i586/clamd-0.93.1-1.1mdv2008.0.i586.rpm
 36fe2a64f4dd63b6787587cee1d2f6d7  2008.0/i586/libclamav4-0.93.1-1.1mdv2008.0.i586.rpm
 64e7f239d476d967e744ec98e8bbaaaf  2008.0/i586/libclamav-devel-0.93.1-1.1mdv2008.0.i586.rpm 
 31794216eeb43c8acde7f66c3c90a407  2008.0/SRPMS/clamav-0.93.1-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 841b6933ced6c1bcb4d8df1fe09d9e30  2008.0/x86_64/clamav-0.93.1-1.1mdv2008.0.x86_64.rpm
 773e720c69159676e8187f132c447a51  2008.0/x86_64/clamav-db-0.93.1-1.1mdv2008.0.x86_64.rpm
 1473b1bd46f2d266b9b426cc08c3bd11  2008.0/x86_64/clamav-milter-0.93.1-1.1mdv2008.0.x86_64.rpm
 67665907f1716da0c3d4e31728d2a26d  2008.0/x86_64/clamd-0.93.1-1.1mdv2008.0.x86_64.rpm
 5706994b50ed7b5703b1b455b91d1ee1  2008.0/x86_64/lib64clamav4-0.93.1-1.1mdv2008.0.x86_64.rpm
 cfa7bd1e44c43ecdece379b08baa42d5  2008.0/x86_64/lib64clamav-devel-0.93.1-1.1mdv2008.0.x86_64.rpm 
 31794216eeb43c8acde7f66c3c90a407  2008.0/SRPMS/clamav-0.93.1-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 bfb1edc3b761c6d630fb1e4bc5a21684  2008.1/i586/clamav-0.93.1-1.1mdv2008.1.i586.rpm
 0b2bde219f099d8ee612b6ba3578b729  2008.1/i586/clamav-db-0.93.1-1.1mdv2008.1.i586.rpm
 c7a28b464db932b55ee6ea2b37ffa801  2008.1/i586/clamav-milter-0.93.1-1.1mdv2008.1.i586.rpm
 f5516462a89259bb2720872cbff8a773  2008.1/i586/clamd-0.93.1-1.1mdv2008.1.i586.rpm
 4075f7b927cc5a2782170fa189d4061c  2008.1/i586/libclamav4-0.93.1-1.1mdv2008.1.i586.rpm
 b2cac58aa4c6fa30f51f253a1d76d73c  2008.1/i586/libclamav-devel-0.93.1-1.1mdv2008.1.i586.rpm 
 bbcef70312d273a5d64396f547a1b267  2008.1/SRPMS/clamav-0.93.1-1.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 25954d96b34972f1eff9f8d5d6131070  2008.1/x86_64/clamav-0.93.1-1.1mdv2008.1.x86_64.rpm
 7f80d7579e298971e218a2b7c55fadd1  2008.1/x86_64/clamav-db-0.93.1-1.1mdv2008.1.x86_64.rpm
 d7b71a1ac5d4776175f54085843e86ff  2008.1/x86_64/clamav-milter-0.93.1-1.1mdv2008.1.x86_64.rpm
 417cc63a86c768f3746c61c6ac2ec756  2008.1/x86_64/clamd-0.93.1-1.1mdv2008.1.x86_64.rpm
 897c52373d843fd8d6913b190008755d  2008.1/x86_64/lib64clamav4-0.93.1-1.1mdv2008.1.x86_64.rpm
 53498a5bcac565ef5bde747fb777a02f  2008.1/x86_64/lib64clamav-devel-0.93.1-1.1mdv2008.1.x86_64.rpm 
 bbcef70312d273a5d64396f547a1b267  2008.1/SRPMS/clamav-0.93.1-1.1mdv2008.1.src.rpm

 Corporate 3.0:
 f0dba56ce30fe45c3182fef7aabeb78a  corporate/3.0/i586/clamav-0.93.1-0.1.C30mdk.i586.rpm
 b2b6b6e8115fb26f1dcbf5d91c964c43  corporate/3.0/i586/clamav-db-0.93.1-0.1.C30mdk.i586.rpm
 8d9abd25a8a10f1a997371773643baae  corporate/3.0/i586/clamav-milter-0.93.1-0.1.C30mdk.i586.rpm
 19180f2835b6fc0d45bc141a71c16f5e  corporate/3.0/i586/clamd-0.93.1-0.1.C30mdk.i586.rpm
 f5fd464df26d56eef9871e389e303961  corporate/3.0/i586/libclamav4-0.93.1-0.1.C30mdk.i586.rpm
 45018ae43f0ae03f792c92ff9a461063  corporate/3.0/i586/libclamav-devel-0.93.1-0.1.C30mdk.i586.rpm 
 c04af720f4cd7977ce56fd8df74aa760  corporate/3.0/SRPMS/clamav-0.93.1-0.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 7c90dbfd62be67c5b80a66851c850115  corporate/3.0/x86_64/clamav-0.93.1-0.1.C30mdk.x86_64.rpm
 9de87454215778b01cf19d28c7f12455  corporate/3.0/x86_64/clamav-db-0.93.1-0.1.C30mdk.x86_64.rpm
 44fa657f08f4002c57a6e285a707fe9a  corporate/3.0/x86_64/clamav-milter-0.93.1-0.1.C30mdk.x86_64.rpm
 dc400142582e2a71c457b5ebc0910d7d  corporate/3.0/x86_64/clamd-0.93.1-0.1.C30mdk.x86_64.rpm
 6b1b886bc76a5d74bbce14b940cfc041  corporate/3.0/x86_64/lib64clamav4-0.93.1-0.1.C30mdk.x86_64.rpm
 38209d7e42fee1ed11b546d3051e9469  corporate/3.0/x86_64/lib64clamav-devel-0.93.1-0.1.C30mdk.x86_64.rpm 
 c04af720f4cd7977ce56fd8df74aa760  corporate/3.0/SRPMS/clamav-0.93.1-0.1.C30mdk.src.rpm

 Corporate 4.0:
 60f05b344ae9cce445e0dca85ab2c81e  corporate/4.0/i586/clamav-0.93.1-0.1.20060mlcs4.i586.rpm
 bf703aa241b7f4b6bb6d8c7c3ebe3ea1  corporate/4.0/i586/clamav-db-0.93.1-0.1.20060mlcs4.i586.rpm
 380accf13269177a90345c43f5747493  corporate/4.0/i586/clamav-milter-0.93.1-0.1.20060mlcs4.i586.rpm
 f07c62afc0fae6bef7b70c1a8ff41bff  corporate/4.0/i586/clamd-0.93.1-0.1.20060mlcs4.i586.rpm
 c320f5224c4c58a7cbc4e089c6ccd23c  corporate/4.0/i586/libclamav4-0.93.1-0.1.20060mlcs4.i586.rpm
 85bf45fcda26e4604c805dda06525949  corporate/4.0/i586/libclamav-devel-0.93.1-0.1.20060mlcs4.i586.rpm 
 4aed1ebe1a76e5ab5b82f7a473089f16  corporate/4.0/SRPMS/clamav-0.93.1-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 4ec940e0deecd0ee8e1d40e6e3677f7e  corporate/4.0/x86_64/clamav-0.93.1-0.1.20060mlcs4.x86_64.rpm
 93b41555ee924c7d121e2c1bf45cd197  corporate/4.0/x86_64/clamav-db-0.93.1-0.1.20060mlcs4.x86_64.rpm
 704f979eb6e9685ea75e3b4f68006cd9  corporate/4.0/x86_64/clamav-milter-0.93.1-0.1.20060mlcs4.x86_64.rpm
 6d77b053863261b147cfbba7a769cedc  corporate/4.0/x86_64/clamd-0.93.1-0.1.20060mlcs4.x86_64.rpm
 6920e123961a36b004938ba3356a3875  corporate/4.0/x86_64/lib64clamav4-0.93.1-0.1.20060mlcs4.x86_64.rpm
 a63edc2a6f9e36bdfb372baa0c2eab99  corporate/4.0/x86_64/lib64clamav-devel-0.93.1-0.1.20060mlcs4.x86_64.rpm 
 4aed1ebe1a76e5ab5b82f7a473089f16  corporate/4.0/SRPMS/clamav-0.93.1-0.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIYRxRmqjQ0CJFipgRAu/IAJ0dVKtK+0T0C9izy9ZwAoNNqnqm0QCeL0Yz
+ycX4AzT0q2FQrJAj70RJbU=
=/9gL
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ