<<< Date Index >>>     <<< Thread Index >>>

[ MDKSA-2006:138 ] - Updated clamav packages fix vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:138
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : clamav
 Date    : August 8, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Damian Put discovered a boundary error in the UPX extraction module in
 ClamAV which is used to unpack PE Windows executables.  This could be
 abused to cause a Denial of Service issue and potentially allow for
 the execution of arbitrary code with the permissions of the user
 running clamscan or clamd.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4018
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 7160be474b24613a61e0544bc51f7f86  
2006.0/RPMS/clamav-0.88.4-0.1.20060mdk.i586.rpm
 8eaf5d27daa93c18117d72991d04f6a2  
2006.0/RPMS/clamav-db-0.88.4-0.1.20060mdk.i586.rpm
 27781d61cf85dd88b8d83586d4831e1c  
2006.0/RPMS/clamav-milter-0.88.4-0.1.20060mdk.i586.rpm
 ee41c72a28b45af3a8bc8a01b24680c1  
2006.0/RPMS/clamd-0.88.4-0.1.20060mdk.i586.rpm
 0a9fb0940a123a7347920c22a9453282  
2006.0/RPMS/libclamav1-0.88.4-0.1.20060mdk.i586.rpm
 89af9807ff0787621c51c0a6cf2545a0  
2006.0/RPMS/libclamav1-devel-0.88.4-0.1.20060mdk.i586.rpm
 034456a7e7e5c583403c69b06fb2b7c0  
2006.0/SRPMS/clamav-0.88.4-0.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 8fc81c2d735a98c48c84abc4654c947e  
x86_64/2006.0/RPMS/clamav-0.88.4-0.1.20060mdk.x86_64.rpm
 0b306fe32d6e833e1ac45bd485fa2e93  
x86_64/2006.0/RPMS/clamav-db-0.88.4-0.1.20060mdk.x86_64.rpm
 fba26b042f08e0edbea94f26e3b0093e  
x86_64/2006.0/RPMS/clamav-milter-0.88.4-0.1.20060mdk.x86_64.rpm
 50fc585d63d14daceeec889d52f4e1e1  
x86_64/2006.0/RPMS/clamd-0.88.4-0.1.20060mdk.x86_64.rpm
 cf9e501d41c3951c158647aeb28a018f  
x86_64/2006.0/RPMS/lib64clamav1-0.88.4-0.1.20060mdk.x86_64.rpm
 9734f7d218bf446ac403584198d035bd  
x86_64/2006.0/RPMS/lib64clamav1-devel-0.88.4-0.1.20060mdk.x86_64.rpm
 034456a7e7e5c583403c69b06fb2b7c0  
x86_64/2006.0/SRPMS/clamav-0.88.4-0.1.20060mdk.src.rpm

 Corporate 3.0:
 8995669334c70e4abe03a130291ceee3  
corporate/3.0/RPMS/clamav-0.88.4-0.1.C30mdk.i586.rpm
 b4d5bb40c553484ece891b5ccf6b9946  
corporate/3.0/RPMS/clamav-db-0.88.4-0.1.C30mdk.i586.rpm
 beca95463cea696152f9b25f57fee24c  
corporate/3.0/RPMS/clamav-milter-0.88.4-0.1.C30mdk.i586.rpm
 35dd7bff362ed54c8e052ba3182bff91  
corporate/3.0/RPMS/clamd-0.88.4-0.1.C30mdk.i586.rpm
 620db7610ccc4c7b05d0580634217e14  
corporate/3.0/RPMS/libclamav1-0.88.4-0.1.C30mdk.i586.rpm
 943964d75379bfbf9db16aa44a6965a4  
corporate/3.0/RPMS/libclamav1-devel-0.88.4-0.1.C30mdk.i586.rpm
 2ae9a4d818dce236123140f9edbaa742  
corporate/3.0/SRPMS/clamav-0.88.4-0.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 873e244792ddb282ba7d5d3780644198  
x86_64/corporate/3.0/RPMS/clamav-0.88.4-0.1.C30mdk.x86_64.rpm
 45a538b5fc07847628b32f4346f4683e  
x86_64/corporate/3.0/RPMS/clamav-db-0.88.4-0.1.C30mdk.x86_64.rpm
 5eef3b58eba440748a40d144adc9f36c  
x86_64/corporate/3.0/RPMS/clamav-milter-0.88.4-0.1.C30mdk.x86_64.rpm
 e2cb732e7b7a676a330784f2414d7700  
x86_64/corporate/3.0/RPMS/clamd-0.88.4-0.1.C30mdk.x86_64.rpm
 686e984920647ab725f6a79249673663  
x86_64/corporate/3.0/RPMS/lib64clamav1-0.88.4-0.1.C30mdk.x86_64.rpm
 78e63226b709d850781813c2e5ea9b08  
x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.88.4-0.1.C30mdk.x86_64.rpm
 2ae9a4d818dce236123140f9edbaa742  
x86_64/corporate/3.0/SRPMS/clamav-0.88.4-0.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE2QkRmqjQ0CJFipgRAmb4AJ9/p5ePaOBGS4Vc3kbTZJ8iwzwMYwCeIolo
qeIu8V7G7ZFIGDkQuO+HZSo=
=frsA
-----END PGP SIGNATURE-----