[ MDVSA-2008:189 ] clamav
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:189
http://www.mandriva.com/security/
_______________________________________________________________________
Package : clamav
Date : September 9, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:

Multiple vulnerabilities were discovered in ClamAV and corrected with
the 0.94 release, including:

A vulnerability in ClamAV's chm-parser allowed remote attackers to
cause a denial of service (application crash) via a malformed CHM file
(CVE-2008-1389).

A vulnerability in libclamav would allow attackers to cause a
denial of service via vectors related to an out-of-memory condition
(CVE-2008-3912).

Multiple memory leaks were found in ClamAV that could possibly allow
attackers to cause a denial of service via excessive memory consumption
(CVE-2008-3913).

A number of unspecified vulnerabilities in ClamAV were reported that
have an unknown impact and attack vectors related to file descriptor
leaks (CVE-2008-3914).

Other bugs have also been corrected in 0.94, which is being provided
with this update. Because this new version has increased the major
version of the libclamav library, updated dependent packages are also
being provided.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3914
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIxyZYmqjQ0CJFipgRAjkUAJ4qLTbQKMwCijUO8yt3hZeKPIZxsQCfQuKL
s8pgnFPooN4iKraqvbGh3cA=
=TNvu
-----END PGP SIGNATURE-----