Message-Id: <E1Kg3vQ-0002ps-TG@titan.mandriva.com>
Date: Wed, 17 Sep 2008 14:47:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:189-1 ] clamav


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2008:189-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : clamav
 Date    : September 17, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were discovered in ClamAV and corrected with
 the 0.94 release, including:
 
 A vulnerability in ClamAV's chm-parser allowed remote attackers to
 cause a denial of service (application crash) via a malformed CHM file
 (CVE-2008-1389).
 
 A vulnerability in libclamav would allow attackers to cause a
 denial of service via vectors related to an out-of-memory condition
 (CVE-2008-3912).
 
 Multiple memory leaks were found in ClamAV that could possibly allow
 attackers to cause a denial of service via excessive memory consumption
 (CVE-2008-3913).
 
 A number of unspecified vulnerabilities in ClamAV were reported that
 have an unknown impact and attack vectors related to file descriptor
 leaks (CVE-2008-3914).
 
 Other bugs have also been corrected in 0.94, which is being provided
 with this update.  Because this new version has increased the major
 version of the libclamav library, updated dependent packages are also
 being provided.

 Update:

 The previous update had experimental support enabled, so ClamAV
 reported its version as 0.94-exp rather than 0.94 and produced bogus
 warnings about the installation being outdated.  This update corrects
 that problem.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1389
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3912
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3913
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3914
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFI0T3umqjQ0CJFipgRAsxbAJwLv/XtQ4i4u9Ub3e1weYDutjKwQQCfcpP/
hg0ASUdC8aRKpTDiW8eOW9A=
=zpXC
-----END PGP SIGNATURE-----
