MDKSA-2005:125 - Updated clamav packages fix more vulnerabilities

From: Mandriva Security Team (security_at_mandriva.com)
Date: 07/28/05

    To: bugtraq@securityfocus.com
    Date: Wed, 27 Jul 2005 18:31:38 -0600
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

     _______________________________________________________________________

                    Mandriva Linux Security Update Advisory
     _______________________________________________________________________

     Package name: clamav
     Advisory ID: MDKSA-2005:125
     Date: July 27th, 2005

     Affected versions: 10.1, 10.2, Corporate 3.0
     ______________________________________________________________________

     Problem Description:

     Neel Mehta and Alex Wheeler discovered integer overflow vulnerabilities
     in Clam AntiVirus when handling the TNEF, CHM, and FSG file formats.
     By sending a specially-crafted file, an attacker could execute
     arbitrary code with the permissions of the user running Clam AV.
     
     This update provides clamav 0.86.2 which is not vulnerable to these
     issues.
     _______________________________________________________________________

     References:

      http://sourceforge.net/project/shownotes.php?release_id=344514
     ______________________________________________________________________

     Updated Packages:
      
     Mandrakelinux 10.1:
     3aff45c0ae423b192f01753464b6cfbc 10.1/RPMS/clamav-0.86.2-0.1.101mdk.i586.rpm
     0d299b50297ac175acdb7531f84f55ab 10.1/RPMS/clamav-db-0.86.2-0.1.101mdk.i586.rpm
     dffea206daadeab2d90a8b68ca4f7fea 10.1/RPMS/clamav-milter-0.86.2-0.1.101mdk.i586.rpm
     f3f09c0d2d575b3156cf323ffbbb94db 10.1/RPMS/clamd-0.86.2-0.1.101mdk.i586.rpm
     d1b9984b610cce82fcab6d9c4c5a97ca 10.1/RPMS/libclamav1-0.86.2-0.1.101mdk.i586.rpm
     46b3844d26743b67e9496052933d705f 10.1/RPMS/libclamav1-devel-0.86.2-0.1.101mdk.i586.rpm
     c42e349d54742b783c3003557e3c30cb 10.1/SRPMS/clamav-0.86.2-0.1.101mdk.src.rpm

     Mandrakelinux 10.1/X86_64:
     a423b14654e6942ab17739990dcfae6e x86_64/10.1/RPMS/clamav-0.86.2-0.1.101mdk.x86_64.rpm
     aa1b3a15c662321fe2991e1aeeaae68a x86_64/10.1/RPMS/clamav-db-0.86.2-0.1.101mdk.x86_64.rpm
     01b1199b3ba12d6feaa5ff1d921fe0e7 x86_64/10.1/RPMS/clamav-milter-0.86.2-0.1.101mdk.x86_64.rpm
     60a72c063eab410c282e8ee9d0a362fe x86_64/10.1/RPMS/clamd-0.86.2-0.1.101mdk.x86_64.rpm
     02acc55a71e3af52323b8aa340f5521f x86_64/10.1/RPMS/lib64clamav1-0.86.2-0.1.101mdk.x86_64.rpm
     9f24abc7804efab4b00799745983e3f1 x86_64/10.1/RPMS/lib64clamav1-devel-0.86.2-0.1.101mdk.x86_64.rpm
     c42e349d54742b783c3003557e3c30cb x86_64/10.1/SRPMS/clamav-0.86.2-0.1.101mdk.src.rpm

     Mandrakelinux 10.2:
     5547710e07946868106e106ef69db7be 10.2/RPMS/clamav-0.86.2-0.1.102mdk.i586.rpm
     5ef48f506ceeae734d446482cc301474 10.2/RPMS/clamav-db-0.86.2-0.1.102mdk.i586.rpm
     4f64fcc53200e73828959577eafe7035 10.2/RPMS/clamav-milter-0.86.2-0.1.102mdk.i586.rpm
     6a7a2f0e4d02ea303617351af05a5770 10.2/RPMS/clamd-0.86.2-0.1.102mdk.i586.rpm
     956ecafdf4be2be4da8e9f2f0ea7d9c3 10.2/RPMS/libclamav1-0.86.2-0.1.102mdk.i586.rpm
     b51aec4894ad6d5a950188bc5ec7a8c3 10.2/RPMS/libclamav1-devel-0.86.2-0.1.102mdk.i586.rpm
     be8dccab0884da69dd52c62abbab35fd 10.2/SRPMS/clamav-0.86.2-0.1.102mdk.src.rpm

     Mandrakelinux 10.2/X86_64:
     7b22b558e2e0e48cb3f8e137c74982b8 x86_64/10.2/RPMS/clamav-0.86.2-0.1.102mdk.x86_64.rpm
     3e0f6b63b114ffeb10b5f2ac2e5be66f x86_64/10.2/RPMS/clamav-db-0.86.2-0.1.102mdk.x86_64.rpm
     4a68fe06f2c665135d979a2d385079ab x86_64/10.2/RPMS/clamav-milter-0.86.2-0.1.102mdk.x86_64.rpm
     1b580f573bf00a934c7a7702815776e8 x86_64/10.2/RPMS/clamd-0.86.2-0.1.102mdk.x86_64.rpm
     6a30cc951870872319cd85ae597859f1 x86_64/10.2/RPMS/lib64clamav1-0.86.2-0.1.102mdk.x86_64.rpm
     7ecb12fa41abe3154ab70bdeb19e07c2 x86_64/10.2/RPMS/lib64clamav1-devel-0.86.2-0.1.102mdk.x86_64.rpm
     be8dccab0884da69dd52c62abbab35fd x86_64/10.2/SRPMS/clamav-0.86.2-0.1.102mdk.src.rpm

     Corporate 3.0:
     6f0a3bb18f7d61a16417a98fa69cdacb corporate/3.0/RPMS/clamav-0.86.2-0.1.C30mdk.i586.rpm
     69588b59e762b1d03ac5a3cf9dbfa8b0 corporate/3.0/RPMS/clamav-db-0.86.2-0.1.C30mdk.i586.rpm
     1eafaa2b6137d98c8cf194f2f58bc3d0 corporate/3.0/RPMS/clamav-milter-0.86.2-0.1.C30mdk.i586.rpm
     3a267af54b0eeabd001c3451986ed15c corporate/3.0/RPMS/clamd-0.86.2-0.1.C30mdk.i586.rpm
     1f76c41366fc33e3af89dd78accb1274 corporate/3.0/RPMS/libclamav1-0.86.2-0.1.C30mdk.i586.rpm
     4bde87b4bcbf9d10930ad0e2eaba4098 corporate/3.0/RPMS/libclamav1-devel-0.86.2-0.1.C30mdk.i586.rpm
     55acc738815c806b4432771588499a8e corporate/3.0/SRPMS/clamav-0.86.2-0.1.C30mdk.src.rpm

     Corporate 3.0/X86_64:
     a22408fe6beb9b8bda8ff23afe644192 x86_64/corporate/3.0/RPMS/clamav-0.86.2-0.1.C30mdk.x86_64.rpm
     8b4166f392d03770be85d515ed3ba380 x86_64/corporate/3.0/RPMS/clamav-db-0.86.2-0.1.C30mdk.x86_64.rpm
     2521821041564175cea3baf9f7b87694 x86_64/corporate/3.0/RPMS/clamav-milter-0.86.2-0.1.C30mdk.x86_64.rpm
     fd479aa012e2fd92b18cdf57adaba9e6 x86_64/corporate/3.0/RPMS/clamd-0.86.2-0.1.C30mdk.x86_64.rpm
     4bdf0fa5cb4e8cb179038fd35340ca14 x86_64/corporate/3.0/RPMS/lib64clamav1-0.86.2-0.1.C30mdk.x86_64.rpm
     d7141c38c4c01ce2fd9c7a7f361bca72 x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.86.2-0.1.C30mdk.x86_64.rpm
     55acc738815c806b4432771588499a8e x86_64/corporate/3.0/SRPMS/clamav-0.86.2-0.1.C30mdk.src.rpm
     _______________________________________________________________________

     To upgrade automatically use MandrakeUpdate or urpmi. The verification
     of md5 checksums and GPG signatures is performed automatically for you.

     All packages are signed by Mandriva for security. You can obtain the
     GPG public key of the Mandriva Security Team by executing:

      gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

     You can view other update advisories for Mandriva Linux at:

      http://www.mandriva.com/security/advisories

     If you want to report vulnerabilities, please contact

      security_(at)_mandriva.com
     _______________________________________________________________________

     Type Bits/KeyID Date User ID
     pub 1024D/22458A98 2000-07-10 Mandriva Security Team
      <security*mandriva.com>

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)

    iD8DBQFC6CdqmqjQ0CJFipgRAtdvAKDjWIZoDFM7vgBBirtrKzZ5gtav+QCgrhDY
    0XoqT2+UgWbVLQ3tVwSKS8U=
    =9Qeu
    -----END PGP SIGNATURE-----
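
The md5 check that the advisory says MandrakeUpdate and urpmi perform automatically can also be done by hand for packages fetched from a mirror. The Python script below is an added example, not part of the Mandriva advisory: it parses the "Updated Packages" list out of a saved copy of the advisory and compares each downloaded RPM against it. It assumes the advisory's PGP signature has already been verified with gpg, since the checksums are only as trustworthy as the signed text that carries them; the function names are illustrative.

```python
# Added example; names are illustrative and not taken from the advisory.
import hashlib
import re
import sys
from pathlib import Path

# One manifest entry in the advisory: 32 hex digits, whitespace, repository path.
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_manifest(advisory_text):
    """Return {package file name: expected md5} from the 'Updated Packages' list."""
    expected = {}
    for line in advisory_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        digest, name = m.group(1), Path(m.group(2)).name
        # The same SRPM is listed under several paths; its digests must agree.
        if expected.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting checksums listed for {name}")
    return expected

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large RPMs are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_downloads(advisory_text, download_dir):
    """Classify every *.rpm in download_dir as ok, mismatch or unlisted."""
    expected = parse_manifest(advisory_text)
    report = {}
    for rpm in sorted(Path(download_dir).glob("*.rpm")):
        want = expected.get(rpm.name)
        if want is None:
            report[rpm.name] = "unlisted"
        else:
            report[rpm.name] = "ok" if md5_of(rpm) == want else "mismatch"
    return report

if __name__ == "__main__":
    # Arguments: <saved advisory text> <directory holding the downloaded RPMs>
    text = Path(sys.argv[1]).read_text(errors="replace")
    results = check_downloads(text, sys.argv[2])
    for name, status in results.items():
        print(f"{status:9} {name}")
    sys.exit(0 if all(s == "ok" for s in results.values()) else 1)
```

The script exits non-zero when any file is a mismatch or is not listed in the advisory, so it can gate an installation step.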

