Message-Id: <E1PQ1b2-0007iv-Tj@titan.mandriva.com>
Date: Tue, 07 Dec 2010 18:45:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:249 ] clamav

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:249
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : clamav
 Date    : December 7, 2010
 Affected: 2009.0, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in clamav:
 
 Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV
 before 0.96.5 allow remote attackers to cause a denial of service
 (application crash) or possibly execute arbitrary code via a crafted
 PDF document (CVE-2010-4260, CVE-2010-4479).
 
 Off-by-one error in the icon_cb function in pe_icons.c in libclamav
 in ClamAV before 0.96.5 allows remote attackers to cause a denial of
 service (memory corruption and application crash) or possibly execute
 arbitrary code via unspecified vectors.  NOTE: some of these details
 are obtained from third party information (CVE-2010-4261).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated clamav packages have been upgraded to the 0.96.5 version
 that is not vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4260
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4261
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4479
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 9ead4a15ce0b94209cd072fdc0210d7c  2009.0/i586/clamav-0.96.5-0.1mdv2009.0.i586.rpm
 f07c8219761b696e26282fa852fbe4ad  2009.0/i586/clamav-db-0.96.5-0.1mdv2009.0.i586.rpm
 5f3592e1ef8bc479e8791fbf6ed1c5b1  2009.0/i586/clamav-milter-0.96.5-0.1mdv2009.0.i586.rpm
 f94e7fff4f175c49da1d74a09074cc05  2009.0/i586/clamd-0.96.5-0.1mdv2009.0.i586.rpm
 954bc02f355d263f29a12c450d4b057b  2009.0/i586/libclamav6-0.96.5-0.1mdv2009.0.i586.rpm
 82e3c8b870a847b62a889effcf0df5ee  2009.0/i586/libclamav-devel-0.96.5-0.1mdv2009.0.i586.rpm 
 ecd257622ed55d4990e042c6dd381c42  2009.0/SRPMS/clamav-0.96.5-0.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 2b84bb3db11ae2b7bfc6fe48a2e07ef7  2009.0/x86_64/clamav-0.96.5-0.1mdv2009.0.x86_64.rpm
 8cdd574ed24d552aef5e4d3772963fab  2009.0/x86_64/clamav-db-0.96.5-0.1mdv2009.0.x86_64.rpm
 802114d391b05e7c87ab19e2178ca324  2009.0/x86_64/clamav-milter-0.96.5-0.1mdv2009.0.x86_64.rpm
 04d1665b37a93391ca619930440065b7  2009.0/x86_64/clamd-0.96.5-0.1mdv2009.0.x86_64.rpm
 318b41bcab46e00e28bb627090a1ba0f  2009.0/x86_64/lib64clamav6-0.96.5-0.1mdv2009.0.x86_64.rpm
 7e768e6a84594437e2aa901e1e032c89  2009.0/x86_64/lib64clamav-devel-0.96.5-0.1mdv2009.0.x86_64.rpm 
 ecd257622ed55d4990e042c6dd381c42  2009.0/SRPMS/clamav-0.96.5-0.1mdv2009.0.src.rpm

 Corporate 4.0:
 f5a8398d84556589b37c7d4b83719526  corporate/4.0/i586/clamav-0.96.5-0.1.20060mlcs4.i586.rpm
 2dff852878c15339603b8d90c90d02c9  corporate/4.0/i586/clamav-db-0.96.5-0.1.20060mlcs4.i586.rpm
 5223406ce119a25634e7a8b9883f5c1d  corporate/4.0/i586/clamav-milter-0.96.5-0.1.20060mlcs4.i586.rpm
 9a05c1072414eaa6be27d4cb49c67c38  corporate/4.0/i586/clamd-0.96.5-0.1.20060mlcs4.i586.rpm
 2b7b4887e66b5228d70174c7871e0557  corporate/4.0/i586/libclamav6-0.96.5-0.1.20060mlcs4.i586.rpm
 fe0f1b51afd4950f5ecd118f8d780990  corporate/4.0/i586/libclamav-devel-0.96.5-0.1.20060mlcs4.i586.rpm 
 ee9b7ce35ad83dfec3b7ee4b68b1bafc  corporate/4.0/SRPMS/clamav-0.96.5-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 00f581cf11a21be74865a9884a1f85e0  corporate/4.0/x86_64/clamav-0.96.5-0.1.20060mlcs4.x86_64.rpm
 416f4b1f73a168aeac08ee2ec1b86ee2  corporate/4.0/x86_64/clamav-db-0.96.5-0.1.20060mlcs4.x86_64.rpm
 6e1939794dbb2d24762323a524d8ef5a  corporate/4.0/x86_64/clamav-milter-0.96.5-0.1.20060mlcs4.x86_64.rpm
 df4a0f11d30599bd76978650d31bd50c  corporate/4.0/x86_64/clamd-0.96.5-0.1.20060mlcs4.x86_64.rpm
 e1f72491d2f168aec358f0c9779dded4  corporate/4.0/x86_64/lib64clamav6-0.96.5-0.1.20060mlcs4.x86_64.rpm
 db4feea7479714e0ed63df6ece12ffa2  corporate/4.0/x86_64/lib64clamav-devel-0.96.5-0.1.20060mlcs4.x86_64.rpm 
 ee9b7ce35ad83dfec3b7ee4b68b1bafc  corporate/4.0/SRPMS/clamav-0.96.5-0.1.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 7dbe85e2b4070fa055a58165dd5e2da1  mes5/i586/clamav-0.96.5-0.1mdvmes5.1.i586.rpm
 07c0b919ab8bb87e79d285f5afa7184a  mes5/i586/clamav-db-0.96.5-0.1mdvmes5.1.i586.rpm
 adb539f66833633598f4d421c203d265  mes5/i586/clamav-milter-0.96.5-0.1mdvmes5.1.i586.rpm
 f2170ba7bb9d2c23521b4b30dca179d8  mes5/i586/clamd-0.96.5-0.1mdvmes5.1.i586.rpm
 6f0bb2908d770bebe256c4f2a49c4ece  mes5/i586/libclamav6-0.96.5-0.1mdvmes5.1.i586.rpm
 ebc71b9b46a18ce96e17e8982437adca  mes5/i586/libclamav-devel-0.96.5-0.1mdvmes5.1.i586.rpm 
 98af84f0b4f58262ff09c04d21218b92  mes5/SRPMS/clamav-0.96.5-0.1mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 ddeaeacc6e3f22013125eeb5559e894d  mes5/x86_64/clamav-0.96.5-0.1mdvmes5.1.x86_64.rpm
 256e12003889fdb0489024bccfd84710  mes5/x86_64/clamav-db-0.96.5-0.1mdvmes5.1.x86_64.rpm
 4b60cc0711c3a6d493088734cc161879  mes5/x86_64/clamav-milter-0.96.5-0.1mdvmes5.1.x86_64.rpm
 a41f5bdce028d9e97e1f9eeeb4416c86  mes5/x86_64/clamd-0.96.5-0.1mdvmes5.1.x86_64.rpm
 6555d6c1a3d61d39c901978732068116  mes5/x86_64/lib64clamav6-0.96.5-0.1mdvmes5.1.x86_64.rpm
 61205db186f2bcd90ab37f1ba151b465  mes5/x86_64/lib64clamav-devel-0.96.5-0.1mdvmes5.1.x86_64.rpm 
 98af84f0b4f58262ff09c04d21218b92  mes5/SRPMS/clamav-0.96.5-0.1mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM/kSrmqjQ0CJFipgRAvd7AKCoTsh6QGeDUBVNfGMnaha7cqnWmQCfc/DW
fYw0YaBk+kcUHdo3nhye7rs=
=3/8e
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
