[ MDKSA-2006:230 ] - Updated clamav packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:230
http://www.mandriva.com/security/
_______________________________________________________________________
Package : clamav
Date : December 13, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
The latest version of ClamAV, 0.88.7, fixes some bugs, including
vulnerabilities with handling base64-encoded MIME attachment files that
can lead to either a) a crash (CVE-2006-5874), or b) a bypass of virus
detection (CVE-2006-6406).
As well, a vulnerability was discovered that allows remote attackers to
cause a stack overflow and application crash by wrapping many layers of
multipart/mixed content around a document (CVE-2006-6481).
The latest ClamAV is being provided to address these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5874
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6481
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
b62b980e893f31cb4a1868bf654111b1
2006.0/i586/clamav-0.88.7-0.1.20060mdk.i586.rpm
45224507b6eb7548d77d350e49b779bf
2006.0/i586/clamav-db-0.88.7-0.1.20060mdk.i586.rpm
2839e6db4e043c8c5f30242073fd463a
2006.0/i586/clamav-milter-0.88.7-0.1.20060mdk.i586.rpm
1efab3d20fc9a3ee591bca6cd911f432
2006.0/i586/clamd-0.88.7-0.1.20060mdk.i586.rpm
a02b321e3540dc8746568ceb89978d8a
2006.0/i586/libclamav1-0.88.7-0.1.20060mdk.i586.rpm
a2a63b58aa4799427b10b2ef3df0312a
2006.0/i586/libclamav1-devel-0.88.7-0.1.20060mdk.i586.rpm
d0eec42b243ddf7adf64cf64d1220381
2006.0/SRPMS/clamav-0.88.7-0.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
c82c856996f6916e538ad1d8108f32ff
2006.0/x86_64/clamav-0.88.7-0.1.20060mdk.x86_64.rpm
c14d9d0ff168241afaed73f5835b1e76
2006.0/x86_64/clamav-db-0.88.7-0.1.20060mdk.x86_64.rpm
501ae197ee84e3a9b791bab78e27d744
2006.0/x86_64/clamav-milter-0.88.7-0.1.20060mdk.x86_64.rpm
795e8d155a0b93f3854c2a454f265cbd
2006.0/x86_64/clamd-0.88.7-0.1.20060mdk.x86_64.rpm
94d70db54cb3129082c5c30d294368d9
2006.0/x86_64/lib64clamav1-0.88.7-0.1.20060mdk.x86_64.rpm
d130298465adc84967cc4b2f00b7e3ba
2006.0/x86_64/lib64clamav1-devel-0.88.7-0.1.20060mdk.x86_64.rpm
d0eec42b243ddf7adf64cf64d1220381
2006.0/SRPMS/clamav-0.88.7-0.1.20060mdk.src.rpm
Mandriva Linux 2007.0:
96ed9d67bba561245f73cc69596c4d47
2007.0/i586/clamav-0.88.7-1.1mdv2007.0.i586.rpm
3b0d3b89b0507b6a8c65b675a0fbb67b
2007.0/i586/clamav-db-0.88.7-1.1mdv2007.0.i586.rpm
31a67792b8319f86c1a48d82c78c06a0
2007.0/i586/clamav-milter-0.88.7-1.1mdv2007.0.i586.rpm
3277aa7171b3e4d05d03d7ee7d1c0ed4
2007.0/i586/clamd-0.88.7-1.1mdv2007.0.i586.rpm
c25960475a4606bbd910a0200e4cf53f
2007.0/i586/libclamav1-0.88.7-1.1mdv2007.0.i586.rpm
265ac03db8213dd9bfca2723b300a763
2007.0/i586/libclamav1-devel-0.88.7-1.1mdv2007.0.i586.rpm
6a4400d492a1a960b8d92f00552d7d18
2007.0/SRPMS/clamav-0.88.7-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
88d6558eaedc651f5997a25a303079a5
2007.0/x86_64/clamav-0.88.7-1.1mdv2007.0.x86_64.rpm
78e4cd526a8622b6e12f84fa4ae3d6d0
2007.0/x86_64/clamav-db-0.88.7-1.1mdv2007.0.x86_64.rpm
61e1966f5630a939136957d82acbb4c6
2007.0/x86_64/clamav-milter-0.88.7-1.1mdv2007.0.x86_64.rpm
9d19aefac34f54e499c36733eca73111
2007.0/x86_64/clamd-0.88.7-1.1mdv2007.0.x86_64.rpm
bdf0b48ad7b2afb5aa17b57f42482cf8
2007.0/x86_64/lib64clamav1-0.88.7-1.1mdv2007.0.x86_64.rpm
2cd6d0d8d721cf027d0e2bcaebc34cbc
2007.0/x86_64/lib64clamav1-devel-0.88.7-1.1mdv2007.0.x86_64.rpm
6a4400d492a1a960b8d92f00552d7d18
2007.0/SRPMS/clamav-0.88.7-1.1mdv2007.0.src.rpm
Corporate 3.0:
feaa3bc3bf4a008ebe28be198d00fdf3
corporate/3.0/i586/clamav-0.88.7-0.1.C30mdk.i586.rpm
07d17cdbf4f6037211a6ccd8fa19dacb
corporate/3.0/i586/clamav-db-0.88.7-0.1.C30mdk.i586.rpm
86d5d1ba6a021918dfec382d363f1b6c
corporate/3.0/i586/clamav-milter-0.88.7-0.1.C30mdk.i586.rpm
cd6b3538836b38a4280bc87b8973622f
corporate/3.0/i586/clamd-0.88.7-0.1.C30mdk.i586.rpm
9267bc8bfe596439de8886223bad26e9
corporate/3.0/i586/libclamav1-0.88.7-0.1.C30mdk.i586.rpm
4682ad4e008c5ce93429034abe40d5d6
corporate/3.0/i586/libclamav1-devel-0.88.7-0.1.C30mdk.i586.rpm
98f8117362b50ca3e775894d45a5fcfb
corporate/3.0/SRPMS/clamav-0.88.7-0.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
cfa59847b3868d67dac9c61ce07a310d
corporate/3.0/x86_64/clamav-0.88.7-0.1.C30mdk.x86_64.rpm
53d4c93840bb02b1092b2a8122e555e5
corporate/3.0/x86_64/clamav-db-0.88.7-0.1.C30mdk.x86_64.rpm
893ef35e464ef5e9b1f7bad7ce1b1842
corporate/3.0/x86_64/clamav-milter-0.88.7-0.1.C30mdk.x86_64.rpm
dfa01a642a5b00c298a6bd85a82d7a5d
corporate/3.0/x86_64/clamd-0.88.7-0.1.C30mdk.x86_64.rpm
0ee7a5c70a4f3d2e01e19a3abda229fb
corporate/3.0/x86_64/lib64clamav1-0.88.7-0.1.C30mdk.x86_64.rpm
7007fdd4b7c038c85947cda87c5262d3
corporate/3.0/x86_64/lib64clamav1-devel-0.88.7-0.1.C30mdk.x86_64.rpm
98f8117362b50ca3e775894d45a5fcfb
corporate/3.0/SRPMS/clamav-0.88.7-0.1.C30mdk.src.rpm
Corporate 4.0:
1fc7dc3770ca0a6aa16c6213d5d19fcc
corporate/4.0/i586/clamav-0.88.7-0.1.20060mlcs4.i586.rpm
aa5259c487956b9de144fe12710f3f1c
corporate/4.0/i586/clamav-db-0.88.7-0.1.20060mlcs4.i586.rpm
15fca428565d2dd9f2c169359826a95a
corporate/4.0/i586/clamav-milter-0.88.7-0.1.20060mlcs4.i586.rpm
6a2ad1ede1e2d686c6d894e8c8b1e441
corporate/4.0/i586/clamd-0.88.7-0.1.20060mlcs4.i586.rpm
87a1ad35fa480c91a769351bb9571698
corporate/4.0/i586/libclamav1-0.88.7-0.1.20060mlcs4.i586.rpm
1c3f598674665c6c399e7799103dc4b7
corporate/4.0/i586/libclamav1-devel-0.88.7-0.1.20060mlcs4.i586.rpm
bbbd149e943f327577eba98d7c5dce0a
corporate/4.0/SRPMS/clamav-0.88.7-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
5941452de407b4f4d0e5631d57cea1b8
corporate/4.0/x86_64/clamav-0.88.7-0.1.20060mlcs4.x86_64.rpm
86dca13c238afc9ccb7683542ad12b44
corporate/4.0/x86_64/clamav-db-0.88.7-0.1.20060mlcs4.x86_64.rpm
249703cc4d464ef85067b4659d0e6757
corporate/4.0/x86_64/clamav-milter-0.88.7-0.1.20060mlcs4.x86_64.rpm
bf8037a275cf6e28a1a1227b5a9e5777
corporate/4.0/x86_64/clamd-0.88.7-0.1.20060mlcs4.x86_64.rpm
7b507bda94614b3f4547415df052af0f
corporate/4.0/x86_64/lib64clamav1-0.88.7-0.1.20060mlcs4.x86_64.rpm
2778dd446bbd8b0e7f8e756bd8d8634f
corporate/4.0/x86_64/lib64clamav1-devel-0.88.7-0.1.20060mlcs4.x86_64.rpm
bbbd149e943f327577eba98d7c5dce0a
corporate/4.0/SRPMS/clamav-0.88.7-0.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFgKmimqjQ0CJFipgRAo1UAKD1yGF4pBsvp0qCiA8d6+Y1fOqnRQCeLXip
wqTUVda/tbDQwDjyJK5R76c=
=onOo
-----END PGP SIGNATURE-----