[ MDKSA-2006:230 ] - Updated clamav packages fix vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [ MDKSA-2006:230 ] - Updated clamav packages fix vulnerability
From: security@xxxxxxxxxxxx
Date: Wed, 13 Dec 2006 21:47:00 -0700
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: <xsecurity@xxxxxxxxxxxx>
Sender: QATeam User <qateam@xxxxxxxxxxxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:230
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : clamav
 Date    : December 13, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 The latest version of ClamAV, 0.88.7, fixes some bugs, including
 vulnerabilities with handling base64-encoded MIME attachment files that
 can lead to either a) a crash (CVE-2006-5874), or b) a bypass of virus
 detection (CVE-2006-6406).

 As well, a vulnerability was discovered that allows remote attackers to
 cause a stack overflow and application crash by wrapping many layers of
 multipart/mixed content around a document (CVE-2006-6481).

 The latest ClamAV is being provided to address these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5874
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6406
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6481
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 b62b980e893f31cb4a1868bf654111b1  
2006.0/i586/clamav-0.88.7-0.1.20060mdk.i586.rpm
 45224507b6eb7548d77d350e49b779bf  
2006.0/i586/clamav-db-0.88.7-0.1.20060mdk.i586.rpm
 2839e6db4e043c8c5f30242073fd463a  
2006.0/i586/clamav-milter-0.88.7-0.1.20060mdk.i586.rpm
 1efab3d20fc9a3ee591bca6cd911f432  
2006.0/i586/clamd-0.88.7-0.1.20060mdk.i586.rpm
 a02b321e3540dc8746568ceb89978d8a  
2006.0/i586/libclamav1-0.88.7-0.1.20060mdk.i586.rpm
 a2a63b58aa4799427b10b2ef3df0312a  
2006.0/i586/libclamav1-devel-0.88.7-0.1.20060mdk.i586.rpm 
 d0eec42b243ddf7adf64cf64d1220381  
2006.0/SRPMS/clamav-0.88.7-0.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 c82c856996f6916e538ad1d8108f32ff  
2006.0/x86_64/clamav-0.88.7-0.1.20060mdk.x86_64.rpm
 c14d9d0ff168241afaed73f5835b1e76  
2006.0/x86_64/clamav-db-0.88.7-0.1.20060mdk.x86_64.rpm
 501ae197ee84e3a9b791bab78e27d744  
2006.0/x86_64/clamav-milter-0.88.7-0.1.20060mdk.x86_64.rpm
 795e8d155a0b93f3854c2a454f265cbd  
2006.0/x86_64/clamd-0.88.7-0.1.20060mdk.x86_64.rpm
 94d70db54cb3129082c5c30d294368d9  
2006.0/x86_64/lib64clamav1-0.88.7-0.1.20060mdk.x86_64.rpm
 d130298465adc84967cc4b2f00b7e3ba  
2006.0/x86_64/lib64clamav1-devel-0.88.7-0.1.20060mdk.x86_64.rpm 
 d0eec42b243ddf7adf64cf64d1220381  
2006.0/SRPMS/clamav-0.88.7-0.1.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 96ed9d67bba561245f73cc69596c4d47  
2007.0/i586/clamav-0.88.7-1.1mdv2007.0.i586.rpm
 3b0d3b89b0507b6a8c65b675a0fbb67b  
2007.0/i586/clamav-db-0.88.7-1.1mdv2007.0.i586.rpm
 31a67792b8319f86c1a48d82c78c06a0  
2007.0/i586/clamav-milter-0.88.7-1.1mdv2007.0.i586.rpm
 3277aa7171b3e4d05d03d7ee7d1c0ed4  
2007.0/i586/clamd-0.88.7-1.1mdv2007.0.i586.rpm
 c25960475a4606bbd910a0200e4cf53f  
2007.0/i586/libclamav1-0.88.7-1.1mdv2007.0.i586.rpm
 265ac03db8213dd9bfca2723b300a763  
2007.0/i586/libclamav1-devel-0.88.7-1.1mdv2007.0.i586.rpm 
 6a4400d492a1a960b8d92f00552d7d18  
2007.0/SRPMS/clamav-0.88.7-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 88d6558eaedc651f5997a25a303079a5  
2007.0/x86_64/clamav-0.88.7-1.1mdv2007.0.x86_64.rpm
 78e4cd526a8622b6e12f84fa4ae3d6d0  
2007.0/x86_64/clamav-db-0.88.7-1.1mdv2007.0.x86_64.rpm
 61e1966f5630a939136957d82acbb4c6  
2007.0/x86_64/clamav-milter-0.88.7-1.1mdv2007.0.x86_64.rpm
 9d19aefac34f54e499c36733eca73111  
2007.0/x86_64/clamd-0.88.7-1.1mdv2007.0.x86_64.rpm
 bdf0b48ad7b2afb5aa17b57f42482cf8  
2007.0/x86_64/lib64clamav1-0.88.7-1.1mdv2007.0.x86_64.rpm
 2cd6d0d8d721cf027d0e2bcaebc34cbc  
2007.0/x86_64/lib64clamav1-devel-0.88.7-1.1mdv2007.0.x86_64.rpm 
 6a4400d492a1a960b8d92f00552d7d18  
2007.0/SRPMS/clamav-0.88.7-1.1mdv2007.0.src.rpm

 Corporate 3.0:
 feaa3bc3bf4a008ebe28be198d00fdf3  
corporate/3.0/i586/clamav-0.88.7-0.1.C30mdk.i586.rpm
 07d17cdbf4f6037211a6ccd8fa19dacb  
corporate/3.0/i586/clamav-db-0.88.7-0.1.C30mdk.i586.rpm
 86d5d1ba6a021918dfec382d363f1b6c  
corporate/3.0/i586/clamav-milter-0.88.7-0.1.C30mdk.i586.rpm
 cd6b3538836b38a4280bc87b8973622f  
corporate/3.0/i586/clamd-0.88.7-0.1.C30mdk.i586.rpm
 9267bc8bfe596439de8886223bad26e9  
corporate/3.0/i586/libclamav1-0.88.7-0.1.C30mdk.i586.rpm
 4682ad4e008c5ce93429034abe40d5d6  
corporate/3.0/i586/libclamav1-devel-0.88.7-0.1.C30mdk.i586.rpm 
 98f8117362b50ca3e775894d45a5fcfb  
corporate/3.0/SRPMS/clamav-0.88.7-0.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 cfa59847b3868d67dac9c61ce07a310d  
corporate/3.0/x86_64/clamav-0.88.7-0.1.C30mdk.x86_64.rpm
 53d4c93840bb02b1092b2a8122e555e5  
corporate/3.0/x86_64/clamav-db-0.88.7-0.1.C30mdk.x86_64.rpm
 893ef35e464ef5e9b1f7bad7ce1b1842  
corporate/3.0/x86_64/clamav-milter-0.88.7-0.1.C30mdk.x86_64.rpm
 dfa01a642a5b00c298a6bd85a82d7a5d  
corporate/3.0/x86_64/clamd-0.88.7-0.1.C30mdk.x86_64.rpm
 0ee7a5c70a4f3d2e01e19a3abda229fb  
corporate/3.0/x86_64/lib64clamav1-0.88.7-0.1.C30mdk.x86_64.rpm
 7007fdd4b7c038c85947cda87c5262d3  
corporate/3.0/x86_64/lib64clamav1-devel-0.88.7-0.1.C30mdk.x86_64.rpm 
 98f8117362b50ca3e775894d45a5fcfb  
corporate/3.0/SRPMS/clamav-0.88.7-0.1.C30mdk.src.rpm

 Corporate 4.0:
 1fc7dc3770ca0a6aa16c6213d5d19fcc  
corporate/4.0/i586/clamav-0.88.7-0.1.20060mlcs4.i586.rpm
 aa5259c487956b9de144fe12710f3f1c  
corporate/4.0/i586/clamav-db-0.88.7-0.1.20060mlcs4.i586.rpm
 15fca428565d2dd9f2c169359826a95a  
corporate/4.0/i586/clamav-milter-0.88.7-0.1.20060mlcs4.i586.rpm
 6a2ad1ede1e2d686c6d894e8c8b1e441  
corporate/4.0/i586/clamd-0.88.7-0.1.20060mlcs4.i586.rpm
 87a1ad35fa480c91a769351bb9571698  
corporate/4.0/i586/libclamav1-0.88.7-0.1.20060mlcs4.i586.rpm
 1c3f598674665c6c399e7799103dc4b7  
corporate/4.0/i586/libclamav1-devel-0.88.7-0.1.20060mlcs4.i586.rpm 
 bbbd149e943f327577eba98d7c5dce0a  
corporate/4.0/SRPMS/clamav-0.88.7-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 5941452de407b4f4d0e5631d57cea1b8  
corporate/4.0/x86_64/clamav-0.88.7-0.1.20060mlcs4.x86_64.rpm
 86dca13c238afc9ccb7683542ad12b44  
corporate/4.0/x86_64/clamav-db-0.88.7-0.1.20060mlcs4.x86_64.rpm
 249703cc4d464ef85067b4659d0e6757  
corporate/4.0/x86_64/clamav-milter-0.88.7-0.1.20060mlcs4.x86_64.rpm
 bf8037a275cf6e28a1a1227b5a9e5777  
corporate/4.0/x86_64/clamd-0.88.7-0.1.20060mlcs4.x86_64.rpm
 7b507bda94614b3f4547415df052af0f  
corporate/4.0/x86_64/lib64clamav1-0.88.7-0.1.20060mlcs4.x86_64.rpm
 2778dd446bbd8b0e7f8e756bd8d8634f  
corporate/4.0/x86_64/lib64clamav1-devel-0.88.7-0.1.20060mlcs4.x86_64.rpm 
 bbbd149e943f327577eba98d7c5dce0a  
corporate/4.0/SRPMS/clamav-0.88.7-0.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFgKmimqjQ0CJFipgRAo1UAKD1yGF4pBsvp0qCiA8d6+Y1fOqnRQCeLXip
wqTUVda/tbDQwDjyJK5R76c=
=onOo
-----END PGP SIGNATURE-----

Prev by Date: [ MDKSA-2006:229 ] - Updated evince packages fix buffer overflow vulnerability
Next by Date: [CAID 34870]: CA Anti-Virus vetfddnt.sys, vetmonnt.sys Local Denial of Service Vulnerabilities
Previous by thread: [ MDKSA-2006:229 ] - Updated evince packages fix buffer overflow vulnerability
Next by thread: [CAID 34870]: CA Anti-Virus vetfddnt.sys, vetmonnt.sys Local Denial of Service Vulnerabilities
Index(es):
- Date
- Thread