[ MDKSA-2006:080 ] - Updated clamav packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:080
http://www.mandriva.com/security/
_______________________________________________________________________
Package : clamav
Date : May 1, 2006
Affected: 10.2, 2006.0, Corporate 3.0
_______________________________________________________________________
Problem Description:
Ulf Harnhammar discovered that the freshclam tool does not do a proper
check for the size of header data received from a web server. This
could potentially allow a specially prepared HTTP server to exploit
freshclam clients connecting to a database mirror and causing a DoS.
The updated packages have been updated to Clamav 0.88.2 which corrects
this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1989
_______________________________________________________________________
Updated Packages:
Mandriva Linux 10.2:
504700848a3d4d5c6cd56bc599f72a01 10.2/RPMS/clamav-0.88.2-0.1.102mdk.i586.rpm
565dc413c1827141490cf9d3f8638dc4
10.2/RPMS/clamav-db-0.88.2-0.1.102mdk.i586.rpm
0d15660c887ed3b728068c4be742c2c4
10.2/RPMS/clamav-milter-0.88.2-0.1.102mdk.i586.rpm
cb0f6327f6b544bb5785f976837c6534 10.2/RPMS/clamd-0.88.2-0.1.102mdk.i586.rpm
b1290d2aef3fb5fddd2960cf724ddb4a
10.2/RPMS/libclamav1-0.88.2-0.1.102mdk.i586.rpm
78b7ffa7cd5ffd9b97d9e2cbd764dd67
10.2/RPMS/libclamav1-devel-0.88.2-0.1.102mdk.i586.rpm
9c25ddd53c49a94613cba04d487f1d67 10.2/SRPMS/clamav-0.88.2-0.1.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
21995c6aba38f1dce3ab59e595366869
x86_64/10.2/RPMS/clamav-0.88.2-0.1.102mdk.x86_64.rpm
070fc66c387ac0c48182c94223e68aef
x86_64/10.2/RPMS/clamav-db-0.88.2-0.1.102mdk.x86_64.rpm
1ee9e18a46da275aae4d218749aefa2c
x86_64/10.2/RPMS/clamav-milter-0.88.2-0.1.102mdk.x86_64.rpm
d7e05378a54d9340e031b1be7ebc1d9c
x86_64/10.2/RPMS/clamd-0.88.2-0.1.102mdk.x86_64.rpm
57d2cc1e2604f9a67707c9e32d5912bb
x86_64/10.2/RPMS/lib64clamav1-0.88.2-0.1.102mdk.x86_64.rpm
080bc0894bb82a9ccb3c583099b7ff21
x86_64/10.2/RPMS/lib64clamav1-devel-0.88.2-0.1.102mdk.x86_64.rpm
9c25ddd53c49a94613cba04d487f1d67
x86_64/10.2/SRPMS/clamav-0.88.2-0.1.102mdk.src.rpm
Mandriva Linux 2006.0:
04b9eaa22e3709a556355d1a63f325d3
2006.0/RPMS/clamav-0.88.2-0.1.20060mdk.i586.rpm
b42db252b6017e518cd97bc3852d6501
2006.0/RPMS/clamav-db-0.88.2-0.1.20060mdk.i586.rpm
3b0002e7113f98b2d464db0d83e82937
2006.0/RPMS/clamav-milter-0.88.2-0.1.20060mdk.i586.rpm
824f1c08ea56fca696204d2c17474763
2006.0/RPMS/clamd-0.88.2-0.1.20060mdk.i586.rpm
59cf5dabda1ec2d4c00607c61568603c
2006.0/RPMS/libclamav1-0.88.2-0.1.20060mdk.i586.rpm
5fa8e2280cd07c19f14c13d8ef6a808d
2006.0/RPMS/libclamav1-devel-0.88.2-0.1.20060mdk.i586.rpm
8f8d2d75378f599ec0ad4bb0c4b4c718
2006.0/SRPMS/clamav-0.88.2-0.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
31d57fe2b7213ef6a553efbb54e9fd44
x86_64/2006.0/RPMS/clamav-0.88.2-0.1.20060mdk.x86_64.rpm
cd92749b954d7e683e63ac91465279cf
x86_64/2006.0/RPMS/clamav-db-0.88.2-0.1.20060mdk.x86_64.rpm
cd67db062928aab0bff452d548c8f109
x86_64/2006.0/RPMS/clamav-milter-0.88.2-0.1.20060mdk.x86_64.rpm
32220d09761f344b256c402b362fdf44
x86_64/2006.0/RPMS/clamd-0.88.2-0.1.20060mdk.x86_64.rpm
80e899d781d667614ff1be548473469c
x86_64/2006.0/RPMS/lib64clamav1-0.88.2-0.1.20060mdk.x86_64.rpm
0a926463dde3f8f730b3088b454033be
x86_64/2006.0/RPMS/lib64clamav1-devel-0.88.2-0.1.20060mdk.x86_64.rpm
8f8d2d75378f599ec0ad4bb0c4b4c718
x86_64/2006.0/SRPMS/clamav-0.88.2-0.1.20060mdk.src.rpm
Corporate 3.0:
9e293869d32057fd0eb32489c2668c9a
corporate/3.0/RPMS/clamav-0.88.2-0.1.C30mdk.i586.rpm
e727b5102b3b7ecd1580c7671825ed24
corporate/3.0/RPMS/clamav-db-0.88.2-0.1.C30mdk.i586.rpm
016b4eac4f1dda299d3ef4a708ba11c2
corporate/3.0/RPMS/clamav-milter-0.88.2-0.1.C30mdk.i586.rpm
7c715a9f07a204fdf070eac3c7dd264a
corporate/3.0/RPMS/clamd-0.88.2-0.1.C30mdk.i586.rpm
47b553230f4070d12995a4ae9c1a4111
corporate/3.0/RPMS/libclamav1-0.88.2-0.1.C30mdk.i586.rpm
8d11c95524b35b91b29da262cee7ce3e
corporate/3.0/RPMS/libclamav1-devel-0.88.2-0.1.C30mdk.i586.rpm
b702a7862c123c89bdea7d0ab72aea38
corporate/3.0/SRPMS/clamav-0.88.2-0.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
4309266e4bacf97d9025d688cfe88cd8
x86_64/corporate/3.0/RPMS/clamav-0.88.2-0.1.C30mdk.x86_64.rpm
2f14c88331222593e2a24bc8a28c1dfc
x86_64/corporate/3.0/RPMS/clamav-db-0.88.2-0.1.C30mdk.x86_64.rpm
9b810d09669a131f80354dee61e8ab6e
x86_64/corporate/3.0/RPMS/clamav-milter-0.88.2-0.1.C30mdk.x86_64.rpm
f5cf957964da35212b5216ef61db6cb6
x86_64/corporate/3.0/RPMS/clamd-0.88.2-0.1.C30mdk.x86_64.rpm
fdaffd2efa64f9a4613398ae7c299509
x86_64/corporate/3.0/RPMS/lib64clamav1-0.88.2-0.1.C30mdk.x86_64.rpm
4f33c005fd172e9c6de84368cf51c681
x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.88.2-0.1.C30mdk.x86_64.rpm
b702a7862c123c89bdea7d0ab72aea38
x86_64/corporate/3.0/SRPMS/clamav-0.88.2-0.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEVp2BmqjQ0CJFipgRAirLAJ9TxkFwzMcqyigcLs4SPm2EuZFHSwCgz7KP
WW/K0gl6N4ZI9rcdOLcbTqM=
=Wyyr
-----END PGP SIGNATURE-----