[ MDKSA-2006:138 ] - Updated clamav packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:138
http://www.mandriva.com/security/
_______________________________________________________________________
Package : clamav
Date : August 8, 2006
Affected: 2006.0, Corporate 3.0
_______________________________________________________________________
Problem Description:
Damian Put discovered a boundary error in the UPX extraction module in
ClamAV which is used to unpack PE Windows executables. This could be
abused to cause a Denial of Service issue and potentially allow for
the execution of arbitrary code with the permissions of the user
running clamscan or clamd.
Updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4018
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
7160be474b24613a61e0544bc51f7f86
2006.0/RPMS/clamav-0.88.4-0.1.20060mdk.i586.rpm
8eaf5d27daa93c18117d72991d04f6a2
2006.0/RPMS/clamav-db-0.88.4-0.1.20060mdk.i586.rpm
27781d61cf85dd88b8d83586d4831e1c
2006.0/RPMS/clamav-milter-0.88.4-0.1.20060mdk.i586.rpm
ee41c72a28b45af3a8bc8a01b24680c1
2006.0/RPMS/clamd-0.88.4-0.1.20060mdk.i586.rpm
0a9fb0940a123a7347920c22a9453282
2006.0/RPMS/libclamav1-0.88.4-0.1.20060mdk.i586.rpm
89af9807ff0787621c51c0a6cf2545a0
2006.0/RPMS/libclamav1-devel-0.88.4-0.1.20060mdk.i586.rpm
034456a7e7e5c583403c69b06fb2b7c0
2006.0/SRPMS/clamav-0.88.4-0.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
8fc81c2d735a98c48c84abc4654c947e
x86_64/2006.0/RPMS/clamav-0.88.4-0.1.20060mdk.x86_64.rpm
0b306fe32d6e833e1ac45bd485fa2e93
x86_64/2006.0/RPMS/clamav-db-0.88.4-0.1.20060mdk.x86_64.rpm
fba26b042f08e0edbea94f26e3b0093e
x86_64/2006.0/RPMS/clamav-milter-0.88.4-0.1.20060mdk.x86_64.rpm
50fc585d63d14daceeec889d52f4e1e1
x86_64/2006.0/RPMS/clamd-0.88.4-0.1.20060mdk.x86_64.rpm
cf9e501d41c3951c158647aeb28a018f
x86_64/2006.0/RPMS/lib64clamav1-0.88.4-0.1.20060mdk.x86_64.rpm
9734f7d218bf446ac403584198d035bd
x86_64/2006.0/RPMS/lib64clamav1-devel-0.88.4-0.1.20060mdk.x86_64.rpm
034456a7e7e5c583403c69b06fb2b7c0
x86_64/2006.0/SRPMS/clamav-0.88.4-0.1.20060mdk.src.rpm
Corporate 3.0:
8995669334c70e4abe03a130291ceee3
corporate/3.0/RPMS/clamav-0.88.4-0.1.C30mdk.i586.rpm
b4d5bb40c553484ece891b5ccf6b9946
corporate/3.0/RPMS/clamav-db-0.88.4-0.1.C30mdk.i586.rpm
beca95463cea696152f9b25f57fee24c
corporate/3.0/RPMS/clamav-milter-0.88.4-0.1.C30mdk.i586.rpm
35dd7bff362ed54c8e052ba3182bff91
corporate/3.0/RPMS/clamd-0.88.4-0.1.C30mdk.i586.rpm
620db7610ccc4c7b05d0580634217e14
corporate/3.0/RPMS/libclamav1-0.88.4-0.1.C30mdk.i586.rpm
943964d75379bfbf9db16aa44a6965a4
corporate/3.0/RPMS/libclamav1-devel-0.88.4-0.1.C30mdk.i586.rpm
2ae9a4d818dce236123140f9edbaa742
corporate/3.0/SRPMS/clamav-0.88.4-0.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
873e244792ddb282ba7d5d3780644198
x86_64/corporate/3.0/RPMS/clamav-0.88.4-0.1.C30mdk.x86_64.rpm
45a538b5fc07847628b32f4346f4683e
x86_64/corporate/3.0/RPMS/clamav-db-0.88.4-0.1.C30mdk.x86_64.rpm
5eef3b58eba440748a40d144adc9f36c
x86_64/corporate/3.0/RPMS/clamav-milter-0.88.4-0.1.C30mdk.x86_64.rpm
e2cb732e7b7a676a330784f2414d7700
x86_64/corporate/3.0/RPMS/clamd-0.88.4-0.1.C30mdk.x86_64.rpm
686e984920647ab725f6a79249673663
x86_64/corporate/3.0/RPMS/lib64clamav1-0.88.4-0.1.C30mdk.x86_64.rpm
78e63226b709d850781813c2e5ea9b08
x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.88.4-0.1.C30mdk.x86_64.rpm
2ae9a4d818dce236123140f9edbaa742
x86_64/corporate/3.0/SRPMS/clamav-0.88.4-0.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFE2QkRmqjQ0CJFipgRAmb4AJ9/p5ePaOBGS4Vc3kbTZJ8iwzwMYwCeIolo
qeIu8V7G7ZFIGDkQuO+HZSo=
=frsA
-----END PGP SIGNATURE-----