[ MDKSA-2006:184 ] - Updated clamav packages fix vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:184
http://www.mandriva.com/security/
_______________________________________________________________________
Package : clamav
Date : October 17, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
An integer overflow in previous versions of ClamAV could allow a remote
attacker to cause a Denial of Service (scanning service crash) and
execute arbitrary code via a Portable Executable (PE) file
(CVE-2006-4182).
Another vulnerability could allow a remote attacker to cause a DoS via
a crafted compressed HTML (CHM) file that causes ClamAV to read an
invalid memory location (CVE-2006-5295).
These issues are corrected in ClamAV 0.88.5 which is provided with this
update.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5295
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
7257c6d81308efe7ef181575b87ec174
2006.0/i586/clamav-0.88.5-0.1.20060mdk.i586.rpm
d0d67d3e7532642e12f6cea52ec8e363
2006.0/i586/clamav-db-0.88.5-0.1.20060mdk.i586.rpm
d304e0ffb807bb475e79b237809c46a2
2006.0/i586/clamav-milter-0.88.5-0.1.20060mdk.i586.rpm
a0660e5fb904772f52bdb50d7a6766fb
2006.0/i586/clamd-0.88.5-0.1.20060mdk.i586.rpm
36f0e822513b958144cd4105c706862b
2006.0/i586/libclamav1-0.88.5-0.1.20060mdk.i586.rpm
a5c42f7006936f045ee0ee46b089f0ee
2006.0/i586/libclamav1-devel-0.88.5-0.1.20060mdk.i586.rpm
cc16fc225d1d56d0595874228cd8070b
2006.0/SRPMS/clamav-0.88.5-0.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
1ee38fa91df468c30a0b8c071f473fc0
2006.0/x86_64/clamav-0.88.5-0.1.20060mdk.x86_64.rpm
9a1f38a560272945495b4b05cb94578b
2006.0/x86_64/clamav-db-0.88.5-0.1.20060mdk.x86_64.rpm
c35c88d15873ad4ce7a05b743b6842b4
2006.0/x86_64/clamav-milter-0.88.5-0.1.20060mdk.x86_64.rpm
1cd4471b8a3319047625662d1ac07ba4
2006.0/x86_64/clamd-0.88.5-0.1.20060mdk.x86_64.rpm
f4e78be55de9eb6fb235248cbff62f36
2006.0/x86_64/lib64clamav1-0.88.5-0.1.20060mdk.x86_64.rpm
a3e754c122085472bcb693ca31f161c7
2006.0/x86_64/lib64clamav1-devel-0.88.5-0.1.20060mdk.x86_64.rpm
cc16fc225d1d56d0595874228cd8070b
2006.0/SRPMS/clamav-0.88.5-0.1.20060mdk.src.rpm
Mandriva Linux 2007.0:
8432a3683591374c2e9ad286ce6ceb70
2007.0/i586/clamav-0.88.5-1.1mdv2007.0.i586.rpm
2e9e1fb63f250ca953fe06d066968b88
2007.0/i586/clamav-db-0.88.5-1.1mdv2007.0.i586.rpm
e76fc6017f13f8de7927be403d077510
2007.0/i586/clamav-milter-0.88.5-1.1mdv2007.0.i586.rpm
74742fc0f062e71dc23af86fcac8a253
2007.0/i586/clamd-0.88.5-1.1mdv2007.0.i586.rpm
226952cb531ea0fa12347a464714e409
2007.0/i586/libclamav1-0.88.5-1.1mdv2007.0.i586.rpm
8d8bd491ed7dd5be480656d205f8ca69
2007.0/i586/libclamav1-devel-0.88.5-1.1mdv2007.0.i586.rpm
b1473a05737ecf0bf7d4d3ccdb8bbe21
2007.0/SRPMS/clamav-0.88.5-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
ec998ee65a8c0277446dcf901abbd901
2007.0/x86_64/clamav-0.88.5-1.1mdv2007.0.x86_64.rpm
27a2344aa2a12f4675b5603c80afbbf8
2007.0/x86_64/clamav-db-0.88.5-1.1mdv2007.0.x86_64.rpm
e9107857a1f585ebe285b12656833a00
2007.0/x86_64/clamav-milter-0.88.5-1.1mdv2007.0.x86_64.rpm
cb15222f0d1af2f030defd8fad981a53
2007.0/x86_64/clamd-0.88.5-1.1mdv2007.0.x86_64.rpm
fff09c60e23b76a5d56cf0408309b920
2007.0/x86_64/lib64clamav1-0.88.5-1.1mdv2007.0.x86_64.rpm
54a9559d2577bf834ddb2d269d4da1f4
2007.0/x86_64/lib64clamav1-devel-0.88.5-1.1mdv2007.0.x86_64.rpm
b1473a05737ecf0bf7d4d3ccdb8bbe21
2007.0/SRPMS/clamav-0.88.5-1.1mdv2007.0.src.rpm
Corporate 3.0:
68f85c25ebbe918bad56cedcf995a189
corporate/3.0/i586/clamav-0.88.5-0.1.C30mdk.i586.rpm
f0079a03a83690746c47eaac22a58585
corporate/3.0/i586/clamav-db-0.88.5-0.1.C30mdk.i586.rpm
c27d329d0801f0c7d164c0e569c68e2b
corporate/3.0/i586/clamav-milter-0.88.5-0.1.C30mdk.i586.rpm
df44fa4ceda48f1cf7c3053ee1891e65
corporate/3.0/i586/clamd-0.88.5-0.1.C30mdk.i586.rpm
f1e11299f2083a1a52b68bf0ee89037a
corporate/3.0/i586/libclamav1-0.88.5-0.1.C30mdk.i586.rpm
6b2fe309926b86b83ca29b76ad611672
corporate/3.0/i586/libclamav1-devel-0.88.5-0.1.C30mdk.i586.rpm
683a0d9c4efe743a6cc9d07b818f067a
corporate/3.0/SRPMS/clamav-0.88.5-0.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
b3544b024bf20115b62d3d209c5bc087
corporate/3.0/x86_64/clamav-0.88.5-0.1.C30mdk.x86_64.rpm
03a9fddd95374f6f77dff6cca8b99524
corporate/3.0/x86_64/clamav-db-0.88.5-0.1.C30mdk.x86_64.rpm
810a7025eff37a6a1382299dd643eb7d
corporate/3.0/x86_64/clamav-milter-0.88.5-0.1.C30mdk.x86_64.rpm
70ac3e42511e94348f7abc519a33b486
corporate/3.0/x86_64/clamd-0.88.5-0.1.C30mdk.x86_64.rpm
b73cc847f492ebaeb4be946eeafb8727
corporate/3.0/x86_64/lib64clamav1-0.88.5-0.1.C30mdk.x86_64.rpm
13ae64b28effa69f671d1ba15f66ad36
corporate/3.0/x86_64/lib64clamav1-devel-0.88.5-0.1.C30mdk.x86_64.rpm
683a0d9c4efe743a6cc9d07b818f067a
corporate/3.0/SRPMS/clamav-0.88.5-0.1.C30mdk.src.rpm
Corporate 4.0:
08675f7f9190ece69a25710adaecf4f7
corporate/4.0/i586/clamav-0.88.5-0.1.20060mlcs4.i586.rpm
25334fa761a4fabdf54a58e7b0f816c9
corporate/4.0/i586/clamav-db-0.88.5-0.1.20060mlcs4.i586.rpm
eb2f5b811c13df00bcb6d8cbd48ddd56
corporate/4.0/i586/clamav-milter-0.88.5-0.1.20060mlcs4.i586.rpm
136398c2a827e64e9090fb54d09038af
corporate/4.0/i586/clamd-0.88.5-0.1.20060mlcs4.i586.rpm
ce07174bf64d73244eece879a30cbd24
corporate/4.0/i586/libclamav1-0.88.5-0.1.20060mlcs4.i586.rpm
2ab18a6b380c61528afc8300c63ce69a
corporate/4.0/i586/libclamav1-devel-0.88.5-0.1.20060mlcs4.i586.rpm
f4cb68b37b1866f70520881d89fd3718
corporate/4.0/SRPMS/clamav-0.88.5-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
6b08a2c1b74209be1b2eb024f868687f
corporate/4.0/x86_64/clamav-0.88.5-0.1.20060mlcs4.x86_64.rpm
2b566bb7262e0d81c8443953d974c69f
corporate/4.0/x86_64/clamav-db-0.88.5-0.1.20060mlcs4.x86_64.rpm
6d16860abac0a7fb31992ca3ef21052c
corporate/4.0/x86_64/clamav-milter-0.88.5-0.1.20060mlcs4.x86_64.rpm
eab31907b6561495acb164328c272ce0
corporate/4.0/x86_64/clamd-0.88.5-0.1.20060mlcs4.x86_64.rpm
7a260e2c3a524d259027c8e54c63adb4
corporate/4.0/x86_64/lib64clamav1-0.88.5-0.1.20060mlcs4.x86_64.rpm
3ba6065a13cfd18d7b73366872ea8ccd
corporate/4.0/x86_64/lib64clamav1-devel-0.88.5-0.1.20060mlcs4.x86_64.rpm
f4cb68b37b1866f70520881d89fd3718
corporate/4.0/SRPMS/clamav-0.88.5-0.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFNSuKmqjQ0CJFipgRAisVAKDL332h+poNjniQ+sr0FoGO9Zx7LQCgjQx9
6FE0xddk5MrCZvz/NulZeGk=
=VdLo
-----END PGP SIGNATURE-----