[ MDVSA-2008:239 ] clamav
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:239
http://www.mandriva.com/security/
_______________________________________________________________________
Package : clamav
Date : December 5, 2008
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Ilja van Sprundel found that ClamAV contained a denial of service
vulnerability in how it handled processing JPEG files, due to it
not limiting the recursion depth when processing JPEG thumbnails
(CVE-2008-5314).
Other bugs have also been corrected in 0.94.2 which is being provided
with this update.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5314
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
76beab75d863d50bba121d855c9b438b
2008.0/i586/clamav-0.94.2-1.1mdv2008.0.i586.rpm
4fd30d06eaae9dd3485d1029b785b5d1
2008.0/i586/clamav-db-0.94.2-1.1mdv2008.0.i586.rpm
3293ae92542961c7aff1270321e42c64
2008.0/i586/clamd-0.94.2-1.1mdv2008.0.i586.rpm
edf97df009a6670637d9259e93e8fa4d
2008.0/i586/libclamav5-0.94.2-1.1mdv2008.0.i586.rpm
a6c8e64a377e3cffe859fa1b9c369ccf
2008.0/i586/libclamav-devel-0.94.2-1.1mdv2008.0.i586.rpm
ad2a6c0a833e798109f7dafefe845c6b
2008.0/SRPMS/clamav-0.94.2-1.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
9be0855b803f6772371c94e613e609cc
2008.0/x86_64/clamav-0.94.2-1.1mdv2008.0.x86_64.rpm
d61d7b9cdc5418209da894c1d557dc2f
2008.0/x86_64/clamav-db-0.94.2-1.1mdv2008.0.x86_64.rpm
51fd1abb8528865ff3930dfbc497293f
2008.0/x86_64/clamd-0.94.2-1.1mdv2008.0.x86_64.rpm
024a6a575ca469dc3f3044e50ff82611
2008.0/x86_64/lib64clamav5-0.94.2-1.1mdv2008.0.x86_64.rpm
986d1b076adf3bed18a37fb7ffbb938b
2008.0/x86_64/lib64clamav-devel-0.94.2-1.1mdv2008.0.x86_64.rpm
ad2a6c0a833e798109f7dafefe845c6b
2008.0/SRPMS/clamav-0.94.2-1.1mdv2008.0.src.rpm
Mandriva Linux 2008.1:
cc37662a9b26623fbacdd49f6bd552f1
2008.1/i586/clamav-0.94.2-1.1mdv2008.1.i586.rpm
447c0735aa918d5c8ba9dc603a830e84
2008.1/i586/clamav-db-0.94.2-1.1mdv2008.1.i586.rpm
612c1311f2ec78ea72a821fcb5f69e9e
2008.1/i586/clamd-0.94.2-1.1mdv2008.1.i586.rpm
d1cda95e0b38da35f601a21adf8a83ea
2008.1/i586/libclamav5-0.94.2-1.1mdv2008.1.i586.rpm
e6debecc5127af9c9b6a1ce1b6856a14
2008.1/i586/libclamav-devel-0.94.2-1.1mdv2008.1.i586.rpm
4a85173474e49d304c0055cc4f9a50ee
2008.1/SRPMS/clamav-0.94.2-1.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
666d401ee9a3e5386c39dae18b706736
2008.1/x86_64/clamav-0.94.2-1.1mdv2008.1.x86_64.rpm
f1e7e07f56c9ffa8671adc066ecd88d9
2008.1/x86_64/clamav-db-0.94.2-1.1mdv2008.1.x86_64.rpm
68831cc7365c47c630df5edb1838206d
2008.1/x86_64/clamd-0.94.2-1.1mdv2008.1.x86_64.rpm
23a274e8c5f558ae53a306bd00fee12e
2008.1/x86_64/lib64clamav5-0.94.2-1.1mdv2008.1.x86_64.rpm
79196d7b4f6c0e7df71d2d6430be21ab
2008.1/x86_64/lib64clamav-devel-0.94.2-1.1mdv2008.1.x86_64.rpm
4a85173474e49d304c0055cc4f9a50ee
2008.1/SRPMS/clamav-0.94.2-1.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
e3bb00e5435ee0bc4e3ba34377cee784
2009.0/i586/clamav-0.94.2-1.1mdv2009.0.i586.rpm
a2cd7d757a336f34058a55098dc600e8
2009.0/i586/clamav-db-0.94.2-1.1mdv2009.0.i586.rpm
6904d7d8f7a35d2a65a4cfe40ef48bfa
2009.0/i586/clamd-0.94.2-1.1mdv2009.0.i586.rpm
36c1e37a32f65cb96d24fd8b0db5f7e5
2009.0/i586/libclamav5-0.94.2-1.1mdv2009.0.i586.rpm
f4f89d2acb7237ba6135ba54dccacaf9
2009.0/i586/libclamav-devel-0.94.2-1.1mdv2009.0.i586.rpm
d9954bb8eac45821b9f13e655fb7839e
2009.0/SRPMS/clamav-0.94.2-1.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
2355d0d75b0199682e71657db724e295
2009.0/x86_64/clamav-0.94.2-1.1mdv2009.0.x86_64.rpm
3432b677b2a72802432cc96d92014f5b
2009.0/x86_64/clamav-db-0.94.2-1.1mdv2009.0.x86_64.rpm
7bebc82ca05fecdc1768892dbd812c17
2009.0/x86_64/clamd-0.94.2-1.1mdv2009.0.x86_64.rpm
ba9fdd676bb4ce545072a14e8e96f86c
2009.0/x86_64/lib64clamav5-0.94.2-1.1mdv2009.0.x86_64.rpm
6e1c88a5a086126ea6df74fa0642e45f
2009.0/x86_64/lib64clamav-devel-0.94.2-1.1mdv2009.0.x86_64.rpm
d9954bb8eac45821b9f13e655fb7839e
2009.0/SRPMS/clamav-0.94.2-1.1mdv2009.0.src.rpm
Corporate 3.0:
0de774b0b919eaf9269bff1f9dbcc502
corporate/3.0/i586/clamav-0.94.2-0.1.C30mdk.i586.rpm
79b305aa810908fa3e30b32a9ddc0a9a
corporate/3.0/i586/clamav-db-0.94.2-0.1.C30mdk.i586.rpm
bcb7357561fb229201fa415dbbe1ba10
corporate/3.0/i586/clamd-0.94.2-0.1.C30mdk.i586.rpm
a889cd1fa54443ed7f84b03a599b5dd7
corporate/3.0/i586/libclamav5-0.94.2-0.1.C30mdk.i586.rpm
04895e0ca3f5f112562b3352bdd4e522
corporate/3.0/i586/libclamav-devel-0.94.2-0.1.C30mdk.i586.rpm
a307df060dcaa0c7d93c7cbd9f58e842
corporate/3.0/SRPMS/clamav-0.94.2-0.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
a56708d3e7bf8c6111a1f1b4b44d2571
corporate/3.0/x86_64/clamav-0.94.2-0.1.C30mdk.x86_64.rpm
095bd1aa2b2295d555ca13c36f5778b4
corporate/3.0/x86_64/clamav-db-0.94.2-0.1.C30mdk.x86_64.rpm
0c80591bfdccc63fe3818583b5fcb829
corporate/3.0/x86_64/clamd-0.94.2-0.1.C30mdk.x86_64.rpm
1311da34900cd15ce38c14ff16b2c0dc
corporate/3.0/x86_64/lib64clamav5-0.94.2-0.1.C30mdk.x86_64.rpm
fe66fd2f698a27b014b1c68e2bd019d8
corporate/3.0/x86_64/lib64clamav-devel-0.94.2-0.1.C30mdk.x86_64.rpm
a307df060dcaa0c7d93c7cbd9f58e842
corporate/3.0/SRPMS/clamav-0.94.2-0.1.C30mdk.src.rpm
Corporate 4.0:
392911d388217b1d55cf31a7bb2586ab
corporate/4.0/i586/clamav-0.94.2-0.1.20060mlcs4.i586.rpm
77d8232d30d440220faf79d979fae533
corporate/4.0/i586/clamav-db-0.94.2-0.1.20060mlcs4.i586.rpm
866326eaf820b549877f2c3126cdf2ba
corporate/4.0/i586/clamd-0.94.2-0.1.20060mlcs4.i586.rpm
f2ba2c12b43ec1979424cddf8bb6c475
corporate/4.0/i586/libclamav5-0.94.2-0.1.20060mlcs4.i586.rpm
6557632e03d2a4863326b49404dbdcd7
corporate/4.0/i586/libclamav-devel-0.94.2-0.1.20060mlcs4.i586.rpm
54d43f922df6e0ece09ec3c3ece7364a
corporate/4.0/SRPMS/clamav-0.94.2-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
72f5f30c460683914b27d257e2125688
corporate/4.0/x86_64/clamav-0.94.2-0.1.20060mlcs4.x86_64.rpm
169f086d64243420757efd885c931a99
corporate/4.0/x86_64/clamav-db-0.94.2-0.1.20060mlcs4.x86_64.rpm
cd2ac76205e5a866a0083a8aa741a052
corporate/4.0/x86_64/clamd-0.94.2-0.1.20060mlcs4.x86_64.rpm
5b2ec74d5d3b07f0546d7e4c76072bb4
corporate/4.0/x86_64/lib64clamav5-0.94.2-0.1.20060mlcs4.x86_64.rpm
c506b06df4cb84b77d626525d5c05025
corporate/4.0/x86_64/lib64clamav-devel-0.94.2-0.1.20060mlcs4.x86_64.rpm
54d43f922df6e0ece09ec3c3ece7364a
corporate/4.0/SRPMS/clamav-0.94.2-0.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJObfTmqjQ0CJFipgRAtM0AKCJYtlHyOIaSKU/vTnqy6euklannwCg4o9r
kxD6kNYfUfrH+9OQcCbhks0=
=HAZR
-----END PGP SIGNATURE-----