lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1L16a9-00018Q-4g@titan.mandriva.com>
Date: Fri, 14 Nov 2008 14:52:00 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:229 ] clamav


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:229
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : clamav
 Date    : November 14, 2008
 Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 An off-by-one error was found in ClamAV versions prior to 0.94.1 that
 could allow remote attackers to cause a denial of service or possibly
 execute arbitrary code via a crafted VBA project file (CVE-2008-5050).
 
 Other bugs have also been corrected in 0.94.1 which is being provided
 with this update.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5050
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 4a120c7624cd31abdef8406545e30910  2008.0/i586/clamav-0.94.1-2.1mdv2008.0.i586.rpm
 4f612c8fc5080e892130cf2aa30e51a2  2008.0/i586/clamav-db-0.94.1-2.1mdv2008.0.i586.rpm
 1044a1caf1d247fe25deddb22a603597  2008.0/i586/clamd-0.94.1-2.1mdv2008.0.i586.rpm
 bd02ba446db1634c1945c3fd41a3cf89  2008.0/i586/libclamav5-0.94.1-2.1mdv2008.0.i586.rpm
 6bbd77167ef0a624a4d275c4ee5aab63  2008.0/i586/libclamav-devel-0.94.1-2.1mdv2008.0.i586.rpm 
 0dde713543b21f5ca52c4d58383ecaf3  2008.0/SRPMS/clamav-0.94.1-2.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 a2f94de161f6038ac0d003afc4ecb45e  2008.0/x86_64/clamav-0.94.1-2.1mdv2008.0.x86_64.rpm
 458891795f311e5fe9a9572acdc4fad5  2008.0/x86_64/clamav-db-0.94.1-2.1mdv2008.0.x86_64.rpm
 b98de6d8e521716d5098629c4b4bff95  2008.0/x86_64/clamd-0.94.1-2.1mdv2008.0.x86_64.rpm
 886066f300513623cecd727db5da9c33  2008.0/x86_64/lib64clamav5-0.94.1-2.1mdv2008.0.x86_64.rpm
 3de51e959737c3a0982bf705af4fbec1  2008.0/x86_64/lib64clamav-devel-0.94.1-2.1mdv2008.0.x86_64.rpm 
 0dde713543b21f5ca52c4d58383ecaf3  2008.0/SRPMS/clamav-0.94.1-2.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 3ed90df7ea9d02f7ff232eb7529f8ba6  2008.1/i586/clamav-0.94.1-2mdv2008.1.i586.rpm
 bc3234eca85d90fad74aedcf9d08d6f9  2008.1/i586/clamav-db-0.94.1-2mdv2008.1.i586.rpm
 b5936ac8b57b0260b57fa3da2b4a813c  2008.1/i586/clamd-0.94.1-2mdv2008.1.i586.rpm
 241e648dc995c03cc62a101cf00f2632  2008.1/i586/libclamav5-0.94.1-2mdv2008.1.i586.rpm
 3570a761d50b6d6cf034f9c8c5333e33  2008.1/i586/libclamav-devel-0.94.1-2mdv2008.1.i586.rpm 
 6c34e5fd82d33489eec50c08666a9285  2008.1/SRPMS/clamav-0.94.1-2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 bda76080176f91cb58db40227aad8c61  2008.1/x86_64/clamav-0.94.1-2mdv2008.1.x86_64.rpm
 dd9050e863bfe2455831180e90fd4928  2008.1/x86_64/clamav-db-0.94.1-2mdv2008.1.x86_64.rpm
 dbd0cbdf2bcf8a3a1d8788749a977a62  2008.1/x86_64/clamd-0.94.1-2mdv2008.1.x86_64.rpm
 918367efa9d6da46851bdb9a2b50a719  2008.1/x86_64/lib64clamav5-0.94.1-2mdv2008.1.x86_64.rpm
 e708a11bf4df78af44022b245ef0a1d0  2008.1/x86_64/lib64clamav-devel-0.94.1-2mdv2008.1.x86_64.rpm 
 6c34e5fd82d33489eec50c08666a9285  2008.1/SRPMS/clamav-0.94.1-2mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 0f778e49185ed0c79196a556ad610fb4  2009.0/i586/clamav-0.94.1-2mdv2009.0.i586.rpm
 036d1122a7278cca7e72659fcae305f8  2009.0/i586/clamav-db-0.94.1-2mdv2009.0.i586.rpm
 f232743d8963dfc84dfff8941970b147  2009.0/i586/clamd-0.94.1-2mdv2009.0.i586.rpm
 f44183b1c32fd70418735a8251498ed8  2009.0/i586/libclamav5-0.94.1-2mdv2009.0.i586.rpm
 344b38ebe0c65e6d6abaab3706e7c2d6  2009.0/i586/libclamav-devel-0.94.1-2mdv2009.0.i586.rpm 
 0558907f32571f4ba2820353c01b95cf  2009.0/SRPMS/clamav-0.94.1-2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 1e7408051f4aacc418f8f6be9943f4e6  2009.0/x86_64/clamav-0.94.1-2mdv2009.0.x86_64.rpm
 07114ef73bda272c2f3ba3694250dcb5  2009.0/x86_64/clamav-db-0.94.1-2mdv2009.0.x86_64.rpm
 097d65cfa28451572df549a8f6035d7b  2009.0/x86_64/clamd-0.94.1-2mdv2009.0.x86_64.rpm
 a6414357665c15a5ba457745fcc5198d  2009.0/x86_64/lib64clamav5-0.94.1-2mdv2009.0.x86_64.rpm
 1f3462333c4382bec424711706943641  2009.0/x86_64/lib64clamav-devel-0.94.1-2mdv2009.0.x86_64.rpm 
 0558907f32571f4ba2820353c01b95cf  2009.0/SRPMS/clamav-0.94.1-2mdv2009.0.src.rpm

 Corporate 3.0:
 6a4bc1edc194b63ac516342c9a8fd662  corporate/3.0/i586/clamav-0.94.1-1.1.C30mdk.i586.rpm
 73a6316315af4df3bfcd9ab3013e7d38  corporate/3.0/i586/clamav-db-0.94.1-1.1.C30mdk.i586.rpm
 dac04c7ef47d707ed6d6f1a93ed771e5  corporate/3.0/i586/clamd-0.94.1-1.1.C30mdk.i586.rpm
 f27a634805c01f4b630c6e54de41cea6  corporate/3.0/i586/libclamav5-0.94.1-1.1.C30mdk.i586.rpm
 be4c0ab9842a4ca264b19f2cd457c825  corporate/3.0/i586/libclamav-devel-0.94.1-1.1.C30mdk.i586.rpm 
 adddb2c28c6336400adde155122fdeb5  corporate/3.0/SRPMS/clamav-0.94.1-1.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 553fca8ee2b24b098ffe7a69ebf6f7d1  corporate/3.0/x86_64/clamav-0.94.1-1.1.C30mdk.x86_64.rpm
 29d4426e96a6d6b17b2c33761578b86d  corporate/3.0/x86_64/clamav-db-0.94.1-1.1.C30mdk.x86_64.rpm
 65ec3b8aec99fcd5e38664862d2279ba  corporate/3.0/x86_64/clamd-0.94.1-1.1.C30mdk.x86_64.rpm
 d8bdcd787cf07bdf0899e9cc178bf012  corporate/3.0/x86_64/lib64clamav5-0.94.1-1.1.C30mdk.x86_64.rpm
 2c575bc6d82897ae866e2031c3729d99  corporate/3.0/x86_64/lib64clamav-devel-0.94.1-1.1.C30mdk.x86_64.rpm 
 adddb2c28c6336400adde155122fdeb5  corporate/3.0/SRPMS/clamav-0.94.1-1.1.C30mdk.src.rpm

 Corporate 4.0:
 7462d619f941c799bc58448b13122271  corporate/4.0/i586/clamav-0.94.1-1.1.20060mlcs4.i586.rpm
 7c69f00769c6f285e42a9bae29745758  corporate/4.0/i586/clamav-db-0.94.1-1.1.20060mlcs4.i586.rpm
 27991558a673913188cf8d968d1b594b  corporate/4.0/i586/clamd-0.94.1-1.1.20060mlcs4.i586.rpm
 e32cc6209d42050be9b87eb9e7b50cc6  corporate/4.0/i586/libclamav5-0.94.1-1.1.20060mlcs4.i586.rpm
 43a820ed215d1bc3f55c91c9a35668ac  corporate/4.0/i586/libclamav-devel-0.94.1-1.1.20060mlcs4.i586.rpm 
 c8c748cb4ff626c87ec4ec620873516b  corporate/4.0/SRPMS/clamav-0.94.1-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 acfcee4b7b662b20cbb7339c6874ff4a  corporate/4.0/x86_64/clamav-0.94.1-1.1.20060mlcs4.x86_64.rpm
 e92cb46b6d371f73eff43b476dcd54f4  corporate/4.0/x86_64/clamav-db-0.94.1-1.1.20060mlcs4.x86_64.rpm
 ec10430998e66eb4480b57d2fb6498cb  corporate/4.0/x86_64/clamd-0.94.1-1.1.20060mlcs4.x86_64.rpm
 fdf5c8befc3d9d1998374f50cb5422e2  corporate/4.0/x86_64/lib64clamav5-0.94.1-1.1.20060mlcs4.x86_64.rpm
 e8c7a76407422da2d981c78ceb08d025  corporate/4.0/x86_64/lib64clamav-devel-0.94.1-1.1.20060mlcs4.x86_64.rpm 
 c8c748cb4ff626c87ec4ec620873516b  corporate/4.0/SRPMS/clamav-0.94.1-1.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJHcTemqjQ0CJFipgRAlpVAJ0b6pm8UdqWIdKxPfFjTf5TWFsW1wCfdjSr
OpG3ud3BqpP/lBGsycPNuWY=
=AY8S
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ