[ MDVSA-2008:003 ] - Updated clamav packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:003
http://www.mandriva.com/security/
_______________________________________________________________________
Package : clamav
Date : January 8, 2008
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
An integer overflow vulnerability was reported by iDefense with clamav
when parsing Portable Executable (PE) files packed in the MEW format.
This could be exploited to cause a heap-based buffer overflow
(CVE-2007-6335).
Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP
compressed CAB files (CVE-2007-6336).
An unspecified vulnerability related to the bzip2 decompression
algorithm was also discovered (CVE-2007-6337).
Other bugs have also been corrected in 0.92 which is being provided
with this update. Because this new version has increased the major
version of the libclamav library, updated dependent packages are also being
provided.
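The bug class behind CVE-2007-6335, shown as an added example that is not ClamAV's code and not part of the advisory: the struct, field names and limits below are hypothetical. It shows how adding two file-supplied 32-bit sizes can wrap to a small allocation size, and the validation that rejects such a header before any buffer is allocated.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical header of a packed section: both sizes are read from the
   file being scanned, so both are attacker-controlled. */
struct packed_hdr {
    uint32_t src_size;   /* bytes of packed data to copy in */
    uint32_t dst_size;   /* bytes reserved for unpacked output */
};

/* Size an unchecked parser would hand to malloc(): 32-bit addition wraps
   modulo 2^32, so two large fields can yield a tiny allocation. */
uint32_t unchecked_total(const struct packed_hdr *h)
{
    return h->src_size + h->dst_size;
}

/* Hardened sizing: each field is bounded before the sum is formed.
   Returns 0 on success, -1 if the header must be rejected. */
int checked_total(const struct packed_hdr *h, size_t file_len,
                  size_t max_out, size_t *total)
{
    if (h->src_size > file_len)                /* more than the file holds */
        return -1;
    if (h->dst_size > max_out)                 /* cap on unpacked size */
        return -1;
    if (h->src_size > SIZE_MAX - h->dst_size)  /* sum would not fit size_t */
        return -1;
    *total = (size_t)h->src_size + h->dst_size;
    return 0;
}

/* Allocate the work buffer and copy packed bytes only after validation. */
unsigned char *load_packed(const struct packed_hdr *h,
                           const unsigned char *file, size_t file_len,
                           size_t max_out)
{
    size_t total;
    unsigned char *buf;

    if (checked_total(h, file_len, max_out, &total) != 0)
        return NULL;
    buf = calloc(total ? total : 1, 1);
    if (buf != NULL)
        memcpy(buf, file, h->src_size);        /* src_size <= total */
    return buf;
}
```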
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6337
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHhEmcmqjQ0CJFipgRAvVeAJ45qzu/QLzIfZj6gtC30oXmGzl8/wCePF5A
vIfEl5eWay4ZlBdo5q23Y4M=
=9O4q
-----END PGP SIGNATURE-----