[ MDKSA-2006:230 ] - Updated clamav packages fix vulnerability




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:230
http://www.mandriva.com/security/
_______________________________________________________________________

Package : clamav
Date : December 13, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

The latest version of ClamAV, 0.88.7, fixes some bugs, including
vulnerabilities with handling base64-encoded MIME attachment files that
can lead to either a) a crash (CVE-2006-5874), or b) a bypass of virus
detection (CVE-2006-6406).

As well, a vulnerability was discovered that allows remote attackers to
cause a stack overflow and application crash by wrapping many layers of
multipart/mixed content around a document (CVE-2006-6481).

The latest ClamAV is being provided to address these issues.
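
Added example (not ClamAV's code and not part of the Mandriva advisory): a pre-scan gate that a mail filter could run to bound multipart nesting, the condition behind CVE-2006-6481, tracking open containers on an explicit list instead of recursing. `MAX_MIME_DEPTH`, the function names and the sample message are assumptions made for illustration.

```python
import re

MAX_MIME_DEPTH = 16  # assumed site policy, not a value from ClamAV or this advisory

# Boundary parameter of a multipart Content-Type header (after unfolding).
_CTYPE = re.compile(
    rb'^content-type:\s*multipart/[^\n]*?boundary\s*=\s*"?([^";\s]+)', re.I | re.M)

def multipart_depth(raw: bytes, limit: int = MAX_MIME_DEPTH) -> int:
    """Deepest multipart nesting in raw; returns early once limit is exceeded.

    Open containers live on an explicit list, so hostile nesting costs heap
    entries instead of call-stack frames.
    """
    open_b, headers, in_headers, deepest = [], [], True, 0
    for line in raw.splitlines():
        if in_headers:
            if line.strip():
                headers.append(line)
                continue
            block = re.sub(rb"\n[ \t]+", b" ", b"\n".join(headers))  # unfold
            m = _CTYPE.search(block)
            in_headers, headers = False, []
            if m:
                open_b.append(b"--" + m.group(1))
                deepest = max(deepest, len(open_b))
                if deepest > limit:
                    return deepest
            continue
        line = line.rstrip()
        for i in range(len(open_b) - 1, -1, -1):
            if line == open_b[i]:            # delimiter: next part of container i
                del open_b[i + 1:]
                in_headers = True
                break
            if line == open_b[i] + b"--":    # close delimiter: container i ends
                del open_b[i:]
                break
    return deepest

def accept_for_scanning(raw: bytes, limit: int = MAX_MIME_DEPTH) -> bool:
    """False means reject or quarantine; never deliver such mail unscanned."""
    return multipart_depth(raw, limit) <= limit

# Constructed sample: a text part wrapped in two multipart/mixed layers.
SAMPLE = (b"Content-Type: multipart/mixed; boundary=outer\r\n\r\n"
          b"--outer\r\n"
          b'Content-Type: multipart/mixed;\r\n boundary="inner"\r\n\r\n'
          b"--inner\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
          b"--inner--\r\n--outer--\r\n")

if __name__ == "__main__":
    print(multipart_depth(SAMPLE), accept_for_scanning(SAMPLE, limit=1))
```
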
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5874
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6481
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
b62b980e893f31cb4a1868bf654111b1 2006.0/i586/clamav-0.88.7-0.1.20060mdk.i586.rpm
45224507b6eb7548d77d350e49b779bf 2006.0/i586/clamav-db-0.88.7-0.1.20060mdk.i586.rpm
2839e6db4e043c8c5f30242073fd463a 2006.0/i586/clamav-milter-0.88.7-0.1.20060mdk.i586.rpm
1efab3d20fc9a3ee591bca6cd911f432 2006.0/i586/clamd-0.88.7-0.1.20060mdk.i586.rpm
a02b321e3540dc8746568ceb89978d8a 2006.0/i586/libclamav1-0.88.7-0.1.20060mdk.i586.rpm
a2a63b58aa4799427b10b2ef3df0312a 2006.0/i586/libclamav1-devel-0.88.7-0.1.20060mdk.i586.rpm
d0eec42b243ddf7adf64cf64d1220381 2006.0/SRPMS/clamav-0.88.7-0.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
c82c856996f6916e538ad1d8108f32ff 2006.0/x86_64/clamav-0.88.7-0.1.20060mdk.x86_64.rpm
c14d9d0ff168241afaed73f5835b1e76 2006.0/x86_64/clamav-db-0.88.7-0.1.20060mdk.x86_64.rpm
501ae197ee84e3a9b791bab78e27d744 2006.0/x86_64/clamav-milter-0.88.7-0.1.20060mdk.x86_64.rpm
795e8d155a0b93f3854c2a454f265cbd 2006.0/x86_64/clamd-0.88.7-0.1.20060mdk.x86_64.rpm
94d70db54cb3129082c5c30d294368d9 2006.0/x86_64/lib64clamav1-0.88.7-0.1.20060mdk.x86_64.rpm
d130298465adc84967cc4b2f00b7e3ba 2006.0/x86_64/lib64clamav1-devel-0.88.7-0.1.20060mdk.x86_64.rpm
d0eec42b243ddf7adf64cf64d1220381 2006.0/SRPMS/clamav-0.88.7-0.1.20060mdk.src.rpm

Mandriva Linux 2007.0:
96ed9d67bba561245f73cc69596c4d47 2007.0/i586/clamav-0.88.7-1.1mdv2007.0.i586.rpm
3b0d3b89b0507b6a8c65b675a0fbb67b 2007.0/i586/clamav-db-0.88.7-1.1mdv2007.0.i586.rpm
31a67792b8319f86c1a48d82c78c06a0 2007.0/i586/clamav-milter-0.88.7-1.1mdv2007.0.i586.rpm
3277aa7171b3e4d05d03d7ee7d1c0ed4 2007.0/i586/clamd-0.88.7-1.1mdv2007.0.i586.rpm
c25960475a4606bbd910a0200e4cf53f 2007.0/i586/libclamav1-0.88.7-1.1mdv2007.0.i586.rpm
265ac03db8213dd9bfca2723b300a763 2007.0/i586/libclamav1-devel-0.88.7-1.1mdv2007.0.i586.rpm
6a4400d492a1a960b8d92f00552d7d18 2007.0/SRPMS/clamav-0.88.7-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
88d6558eaedc651f5997a25a303079a5 2007.0/x86_64/clamav-0.88.7-1.1mdv2007.0.x86_64.rpm
78e4cd526a8622b6e12f84fa4ae3d6d0 2007.0/x86_64/clamav-db-0.88.7-1.1mdv2007.0.x86_64.rpm
61e1966f5630a939136957d82acbb4c6 2007.0/x86_64/clamav-milter-0.88.7-1.1mdv2007.0.x86_64.rpm
9d19aefac34f54e499c36733eca73111 2007.0/x86_64/clamd-0.88.7-1.1mdv2007.0.x86_64.rpm
bdf0b48ad7b2afb5aa17b57f42482cf8 2007.0/x86_64/lib64clamav1-0.88.7-1.1mdv2007.0.x86_64.rpm
2cd6d0d8d721cf027d0e2bcaebc34cbc 2007.0/x86_64/lib64clamav1-devel-0.88.7-1.1mdv2007.0.x86_64.rpm
6a4400d492a1a960b8d92f00552d7d18 2007.0/SRPMS/clamav-0.88.7-1.1mdv2007.0.src.rpm

Corporate 3.0:
feaa3bc3bf4a008ebe28be198d00fdf3 corporate/3.0/i586/clamav-0.88.7-0.1.C30mdk.i586.rpm
07d17cdbf4f6037211a6ccd8fa19dacb corporate/3.0/i586/clamav-db-0.88.7-0.1.C30mdk.i586.rpm
86d5d1ba6a021918dfec382d363f1b6c corporate/3.0/i586/clamav-milter-0.88.7-0.1.C30mdk.i586.rpm
cd6b3538836b38a4280bc87b8973622f corporate/3.0/i586/clamd-0.88.7-0.1.C30mdk.i586.rpm
9267bc8bfe596439de8886223bad26e9 corporate/3.0/i586/libclamav1-0.88.7-0.1.C30mdk.i586.rpm
4682ad4e008c5ce93429034abe40d5d6 corporate/3.0/i586/libclamav1-devel-0.88.7-0.1.C30mdk.i586.rpm
98f8117362b50ca3e775894d45a5fcfb corporate/3.0/SRPMS/clamav-0.88.7-0.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
cfa59847b3868d67dac9c61ce07a310d corporate/3.0/x86_64/clamav-0.88.7-0.1.C30mdk.x86_64.rpm
53d4c93840bb02b1092b2a8122e555e5 corporate/3.0/x86_64/clamav-db-0.88.7-0.1.C30mdk.x86_64.rpm
893ef35e464ef5e9b1f7bad7ce1b1842 corporate/3.0/x86_64/clamav-milter-0.88.7-0.1.C30mdk.x86_64.rpm
dfa01a642a5b00c298a6bd85a82d7a5d corporate/3.0/x86_64/clamd-0.88.7-0.1.C30mdk.x86_64.rpm
0ee7a5c70a4f3d2e01e19a3abda229fb corporate/3.0/x86_64/lib64clamav1-0.88.7-0.1.C30mdk.x86_64.rpm
7007fdd4b7c038c85947cda87c5262d3 corporate/3.0/x86_64/lib64clamav1-devel-0.88.7-0.1.C30mdk.x86_64.rpm
98f8117362b50ca3e775894d45a5fcfb corporate/3.0/SRPMS/clamav-0.88.7-0.1.C30mdk.src.rpm

Corporate 4.0:
1fc7dc3770ca0a6aa16c6213d5d19fcc corporate/4.0/i586/clamav-0.88.7-0.1.20060mlcs4.i586.rpm
aa5259c487956b9de144fe12710f3f1c corporate/4.0/i586/clamav-db-0.88.7-0.1.20060mlcs4.i586.rpm
15fca428565d2dd9f2c169359826a95a corporate/4.0/i586/clamav-milter-0.88.7-0.1.20060mlcs4.i586.rpm
6a2ad1ede1e2d686c6d894e8c8b1e441 corporate/4.0/i586/clamd-0.88.7-0.1.20060mlcs4.i586.rpm
87a1ad35fa480c91a769351bb9571698 corporate/4.0/i586/libclamav1-0.88.7-0.1.20060mlcs4.i586.rpm
1c3f598674665c6c399e7799103dc4b7 corporate/4.0/i586/libclamav1-devel-0.88.7-0.1.20060mlcs4.i586.rpm
bbbd149e943f327577eba98d7c5dce0a corporate/4.0/SRPMS/clamav-0.88.7-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
5941452de407b4f4d0e5631d57cea1b8 corporate/4.0/x86_64/clamav-0.88.7-0.1.20060mlcs4.x86_64.rpm
86dca13c238afc9ccb7683542ad12b44 corporate/4.0/x86_64/clamav-db-0.88.7-0.1.20060mlcs4.x86_64.rpm
249703cc4d464ef85067b4659d0e6757 corporate/4.0/x86_64/clamav-milter-0.88.7-0.1.20060mlcs4.x86_64.rpm
bf8037a275cf6e28a1a1227b5a9e5777 corporate/4.0/x86_64/clamd-0.88.7-0.1.20060mlcs4.x86_64.rpm
7b507bda94614b3f4547415df052af0f corporate/4.0/x86_64/lib64clamav1-0.88.7-0.1.20060mlcs4.x86_64.rpm
2778dd446bbd8b0e7f8e756bd8d8634f corporate/4.0/x86_64/lib64clamav1-devel-0.88.7-0.1.20060mlcs4.x86_64.rpm
bbbd149e943f327577eba98d7c5dce0a corporate/4.0/SRPMS/clamav-0.88.7-0.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type  Bits/KeyID      Date        User ID
pub   1024D/22458A98  2000-07-10  Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFgKmimqjQ0CJFipgRAo1UAKD1yGF4pBsvp0qCiA8d6+Y1fOqnRQCeLXip
wqTUVda/tbDQwDjyJK5R76c=
=onOo
-----END PGP SIGNATURE-----


