bugtraq June 2008 archive
Main Archive Page > Month Archives  > bugtraq archives
bugtraq: [ MDVSA-2008:122 ] - Updated clamav packages fix vulner

[ MDVSA-2008:122 ] - Updated clamav packages fix vulnerability

From: <security_at_nospam>
Date: Tue Jun 24 2008 - 19:17:01 GMT
To: bugtraq@securityfocus.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


  Mandriva Linux Security Advisory MDVSA-2008:122  http://www.mandriva.com/security/
  Package : clamav Date : June 24, 2008 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

 Problem Description:  

 A vulnerability was discovered in ClamAV and corrected with the  0.93.1 release:  

 libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers  to cause a denial of service via a crafted Petite file that triggers  an out-of-bounds read. (CVE-2008-2713)  

 Other bugs have also been corrected in 0.93.1 which is being provided  with this update.


 References:  

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2713


 

 Updated Packages:  

 Mandriva Linux 2007.1: d6e6d5fd080ce50027ef69af38f44a50 2007.1/i586/clamav-0.93.1-1.1mdv2007.1.i586.rpm 91e412d5f2b30b49fddb09104ddf6bad 2007.1/i586/clamav-db-0.93.1-1.1mdv2007.1.i586.rpm c396b6cced87ba57938da86a79e63469 2007.1/i586/clamav-milter-0.93.1-1.1mdv2007.1.i586.rpm d79020b041aa6a7956348c799f0e0f8b 2007.1/i586/clamd-0.93.1-1.1mdv2007.1.i586.rpm b4c74f702d97e569c4ac3350b5216246 2007.1/i586/libclamav4-0.93.1-1.1mdv2007.1.i586.rpm 9481877bd226e02ea263df47535d685f 2007.1/i586/libclamav-devel-0.93.1-1.1mdv2007.1.i586.rpm bfeb68ce738cc1c44c89e2e84774a7f6 2007.1/SRPMS/clamav-0.93.1-1.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64: dc70398b743d54094b2c9307686de01d 2007.1/x86_64/clamav-0.93.1-1.1mdv2007.1.x86_64.rpm 5860690f58edb1c7f0a78a46fbb881ed 2007.1/x86_64/clamav-db-0.93.1-1.1mdv2007.1.x86_64.rpm a23d6ad5a58dab98d12c93e95d1fdfe9 2007.1/x86_64/clamav-milter-0.93.1-1.1mdv2007.1.x86_64.rpm e3be58ba2ce45b05274471a177ef2c6b 2007.1/x86_64/clamd-0.93.1-1.1mdv2007.1.x86_64.rpm 0f747e4fe79afc573c739cfc4fba3604 2007.1/x86_64/lib64clamav4-0.93.1-1.1mdv2007.1.x86_64.rpm d7e202d2f083f1a7672380486eddb63f 2007.1/x86_64/lib64clamav-devel-0.93.1-1.1mdv2007.1.x86_64.rpm bfeb68ce738cc1c44c89e2e84774a7f6 2007.1/SRPMS/clamav-0.93.1-1.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0: 58ebbfd98e8a588581fe00ecb872fc27 2008.0/i586/clamav-0.93.1-1.1mdv2008.0.i586.rpm 33b0fdde3505f6a3e64790ae8d49c131 2008.0/i586/clamav-db-0.93.1-1.1mdv2008.0.i586.rpm 318c705eadeb8d0ae72fb997b1b652d9 2008.0/i586/clamav-milter-0.93.1-1.1mdv2008.0.i586.rpm a5bcba636bc5a0abb93a6bb62f9666dc 2008.0/i586/clamd-0.93.1-1.1mdv2008.0.i586.rpm 36fe2a64f4dd63b6787587cee1d2f6d7 2008.0/i586/libclamav4-0.93.1-1.1mdv2008.0.i586.rpm 64e7f239d476d967e744ec98e8bbaaaf 2008.0/i586/libclamav-devel-0.93.1-1.1mdv2008.0.i586.rpm 31794216eeb43c8acde7f66c3c90a407 2008.0/SRPMS/clamav-0.93.1-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64: 841b6933ced6c1bcb4d8df1fe09d9e30 2008.0/x86_64/clamav-0.93.1-1.1mdv2008.0.x86_64.rpm 773e720c69159676e8187f132c447a51 2008.0/x86_64/clamav-db-0.93.1-1.1mdv2008.0.x86_64.rpm 1473b1bd46f2d266b9b426cc08c3bd11 2008.0/x86_64/clamav-milter-0.93.1-1.1mdv2008.0.x86_64.rpm 67665907f1716da0c3d4e31728d2a26d 2008.0/x86_64/clamd-0.93.1-1.1mdv2008.0.x86_64.rpm 5706994b50ed7b5703b1b455b91d1ee1 2008.0/x86_64/lib64clamav4-0.93.1-1.1mdv2008.0.x86_64.rpm cfa7bd1e44c43ecdece379b08baa42d5 2008.0/x86_64/lib64clamav-devel-0.93.1-1.1mdv2008.0.x86_64.rpm 31794216eeb43c8acde7f66c3c90a407 2008.0/SRPMS/clamav-0.93.1-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1: bfb1edc3b761c6d630fb1e4bc5a21684 2008.1/i586/clamav-0.93.1-1.1mdv2008.1.i586.rpm 0b2bde219f099d8ee612b6ba3578b729 2008.1/i586/clamav-db-0.93.1-1.1mdv2008.1.i586.rpm c7a28b464db932b55ee6ea2b37ffa801 2008.1/i586/clamav-milter-0.93.1-1.1mdv2008.1.i586.rpm f5516462a89259bb2720872cbff8a773 2008.1/i586/clamd-0.93.1-1.1mdv2008.1.i586.rpm 4075f7b927cc5a2782170fa189d4061c 2008.1/i586/libclamav4-0.93.1-1.1mdv2008.1.i586.rpm b2cac58aa4c6fa30f51f253a1d76d73c 2008.1/i586/libclamav-devel-0.93.1-1.1mdv2008.1.i586.rpm bbcef70312d273a5d64396f547a1b267 2008.1/SRPMS/clamav-0.93.1-1.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64: 25954d96b34972f1eff9f8d5d6131070 2008.1/x86_64/clamav-0.93.1-1.1mdv2008.1.x86_64.rpm 7f80d7579e298971e218a2b7c55fadd1 2008.1/x86_64/clamav-db-0.93.1-1.1mdv2008.1.x86_64.rpm d7b71a1ac5d4776175f54085843e86ff 2008.1/x86_64/clamav-milter-0.93.1-1.1mdv2008.1.x86_64.rpm 417cc63a86c768f3746c61c6ac2ec756 2008.1/x86_64/clamd-0.93.1-1.1mdv2008.1.x86_64.rpm 897c52373d843fd8d6913b190008755d 2008.1/x86_64/lib64clamav4-0.93.1-1.1mdv2008.1.x86_64.rpm 53498a5bcac565ef5bde747fb777a02f 2008.1/x86_64/lib64clamav-devel-0.93.1-1.1mdv2008.1.x86_64.rpm bbcef70312d273a5d64396f547a1b267 2008.1/SRPMS/clamav-0.93.1-1.1mdv2008.1.src.rpm

 Corporate 3.0: f0dba56ce30fe45c3182fef7aabeb78a corporate/3.0/i586/clamav-0.93.1-0.1.C30mdk.i586.rpm b2b6b6e8115fb26f1dcbf5d91c964c43 corporate/3.0/i586/clamav-db-0.93.1-0.1.C30mdk.i586.rpm 8d9abd25a8a10f1a997371773643baae corporate/3.0/i586/clamav-milter-0.93.1-0.1.C30mdk.i586.rpm 19180f2835b6fc0d45bc141a71c16f5e corporate/3.0/i586/clamd-0.93.1-0.1.C30mdk.i586.rpm f5fd464df26d56eef9871e389e303961 corporate/3.0/i586/libclamav4-0.93.1-0.1.C30mdk.i586.rpm 45018ae43f0ae03f792c92ff9a461063 corporate/3.0/i586/libclamav-devel-0.93.1-0.1.C30mdk.i586.rpm c04af720f4cd7977ce56fd8df74aa760 corporate/3.0/SRPMS/clamav-0.93.1-0.1.C30mdk.src.rpm

 Corporate 3.0/X86_64: 7c90dbfd62be67c5b80a66851c850115 corporate/3.0/x86_64/clamav-0.93.1-0.1.C30mdk.x86_64.rpm 9de87454215778b01cf19d28c7f12455 corporate/3.0/x86_64/clamav-db-0.93.1-0.1.C30mdk.x86_64.rpm 44fa657f08f4002c57a6e285a707fe9a corporate/3.0/x86_64/clamav-milter-0.93.1-0.1.C30mdk.x86_64.rpm dc400142582e2a71c457b5ebc0910d7d corporate/3.0/x86_64/clamd-0.93.1-0.1.C30mdk.x86_64.rpm 6b1b886bc76a5d74bbce14b940cfc041 corporate/3.0/x86_64/lib64clamav4-0.93.1-0.1.C30mdk.x86_64.rpm 38209d7e42fee1ed11b546d3051e9469 corporate/3.0/x86_64/lib64clamav-devel-0.93.1-0.1.C30mdk.x86_64.rpm c04af720f4cd7977ce56fd8df74aa760 corporate/3.0/SRPMS/clamav-0.93.1-0.1.C30mdk.src.rpm

 Corporate 4.0: 60f05b344ae9cce445e0dca85ab2c81e corporate/4.0/i586/clamav-0.93.1-0.1.20060mlcs4.i586.rpm bf703aa241b7f4b6bb6d8c7c3ebe3ea1 corporate/4.0/i586/clamav-db-0.93.1-0.1.20060mlcs4.i586.rpm 380accf13269177a90345c43f5747493 corporate/4.0/i586/clamav-milter-0.93.1-0.1.20060mlcs4.i586.rpm f07c62afc0fae6bef7b70c1a8ff41bff corporate/4.0/i586/clamd-0.93.1-0.1.20060mlcs4.i586.rpm c320f5224c4c58a7cbc4e089c6ccd23c corporate/4.0/i586/libclamav4-0.93.1-0.1.20060mlcs4.i586.rpm 85bf45fcda26e4604c805dda06525949 corporate/4.0/i586/libclamav-devel-0.93.1-0.1.20060mlcs4.i586.rpm 4aed1ebe1a76e5ab5b82f7a473089f16 corporate/4.0/SRPMS/clamav-0.93.1-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64: 4ec940e0deecd0ee8e1d40e6e3677f7e corporate/4.0/x86_64/clamav-0.93.1-0.1.20060mlcs4.x86_64.rpm 93b41555ee924c7d121e2c1bf45cd197 corporate/4.0/x86_64/clamav-db-0.93.1-0.1.20060mlcs4.x86_64.rpm 704f979eb6e9685ea75e3b4f68006cd9 corporate/4.0/x86_64/clamav-milter-0.93.1-0.1.20060mlcs4.x86_64.rpm 6d77b053863261b147cfbba7a769cedc corporate/4.0/x86_64/clamd-0.93.1-0.1.20060mlcs4.x86_64.rpm 6920e123961a36b004938ba3356a3875 corporate/4.0/x86_64/lib64clamav4-0.93.1-0.1.20060mlcs4.x86_64.rpm a63edc2a6f9e36bdfb372baa0c2eab99 corporate/4.0/x86_64/lib64clamav-devel-0.93.1-0.1.20060mlcs4.x86_64.rpm 4aed1ebe1a76e5ab5b82f7a473089f16 corporate/4.0/SRPMS/clamav-0.93.1-0.1.20060mlcs4.src.rpm
_______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification  of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the  GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com


 Type Bits/KeyID Date User ID
 pub 1024D/22458A98 2000-07-10 Mandriva Security Team   <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIYRxRmqjQ0CJFipgRAu/IAJ0dVKtK+0T0C9izy9ZwAoNNqnqm0QCeL0Yz +ycX4AzT0q2FQrJAj70RJbU=
=/9gL
-----END PGP SIGNATURE-----