[Security Announce] [ MDKSA-2007:150 ] - Updated clamav packages fix vulnerabilities
Posted on: 07/26/2007 02:40 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:150
http://www.mandriva.com/security/
_______________________________________________________________________

Package : clamav
Date : July 25, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A vulnerability in the RAR VM in ClamAV allowed user-assisted remote
attackers to cause a crash via a crafted RAR archive which resulted
in a NULL pointer dereference.

Other bugs have also been corrected in 0.91.1 which is being provided
with this update.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3725
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
a1d7123d64b17de98db72e05959657e0 2007.0/i586/clamav-0.91.1-1.1mdv2007.0.i586.rpm
4e814bbff65dc4129f398f72b6d62640 2007.0/i586/clamav-db-0.91.1-1.1mdv2007.0.i586.rpm
c6267bcae66562a2458cf9ad5d6de8f4 2007.0/i586/clamav-milter-0.91.1-1.1mdv2007.0.i586.rpm
1f263279bf4cd5460786fe0759c0ec96 2007.0/i586/clamd-0.91.1-1.1mdv2007.0.i586.rpm
0b14d3e33ba65c556cbea0dd4b55a51c 2007.0/i586/clamdmon-0.91.1-1.1mdv2007.0.i586.rpm
2bd3ff262e1f1b5d261e2aa986d23ad5 2007.0/i586/libclamav2-0.91.1-1.1mdv2007.0.i586.rpm
b9b0dac5eccf1000b8301187bcad99b2 2007.0/i586/libclamav2-devel-0.91.1-1.1mdv2007.0.i586.rpm
d1b697088a726c293ee54cc25b660308 2007.0/SRPMS/clamav-0.91.1-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
c0b6dc4ec4ab20dba0129966d42cd75e 2007.0/x86_64/clamav-0.91.1-1.1mdv2007.0.x86_64.rpm
8c28b0917575a5b0f2306f6c30d35df8 2007.0/x86_64/clamav-db-0.91.1-1.1mdv2007.0.x86_64.rpm
fbf470d9921d86b6cfbf0b75a8723f71 2007.0/x86_64/clamav-milter-0.91.1-1.1mdv2007.0.x86_64.rpm
9dbff52f73edb4b10efa681b2c3b6b38 2007.0/x86_64/clamd-0.91.1-1.1mdv2007.0.x86_64.rpm
60f9f0b6e869e4931ea6a5e1521d079b 2007.0/x86_64/clamdmon-0.91.1-1.1mdv2007.0.x86_64.rpm
4de72c8d9cd714e0b1b7d9d1aadcb131 2007.0/x86_64/lib64clamav2-0.91.1-1.1mdv2007.0.x86_64.rpm
63dc325ae89be61dca20128ae021a812 2007.0/x86_64/lib64clamav2-devel-0.91.1-1.1mdv2007.0.x86_64.rpm
d1b697088a726c293ee54cc25b660308 2007.0/SRPMS/clamav-0.91.1-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
5044c759d6cad93402ddd5350262f5fb 2007.1/i586/clamav-0.91.1-1.1mdv2007.1.i586.rpm
9fdbb064de5d4752bf29b68edf86c9b7 2007.1/i586/clamav-db-0.91.1-1.1mdv2007.1.i586.rpm
0bb59e9542365b9bd1faf3cdb041e1d1 2007.1/i586/clamav-milter-0.91.1-1.1mdv2007.1.i586.rpm
2f95a4750b57cd52a8f8fe30ff62ad85 2007.1/i586/clamd-0.91.1-1.1mdv2007.1.i586.rpm
33548bc49879899559d5700f7ec0add2 2007.1/i586/clamdmon-0.91.1-1.1mdv2007.1.i586.rpm
4dc6d180ee9e306fa5eb3a1dfe81aa9e 2007.1/i586/libclamav2-0.91.1-1.1mdv2007.1.i586.rpm
f2e5333e7c60c9cbc7b70f3994a867c3 2007.1/i586/libclamav2-devel-0.91.1-1.1mdv2007.1.i586.rpm
fdb6ea9465c87b3206051df922e509d0 2007.1/SRPMS/clamav-0.91.1-1.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
15b628de57bf9b067dfe17e4050eae06 2007.1/x86_64/clamav-0.91.1-1.1mdv2007.1.x86_64.rpm
f53ae231e7591079b7a9f88c948527d5 2007.1/x86_64/clamav-db-0.91.1-1.1mdv2007.1.x86_64.rpm
be2c036992c7ebd82ffdc45e4679c83c 2007.1/x86_64/clamav-milter-0.91.1-1.1mdv2007.1.x86_64.rpm
cabcdcf73a9e49ead2db583e1a55af71 2007.1/x86_64/clamd-0.91.1-1.1mdv2007.1.x86_64.rpm
8f8e068f16c979be31d688069c76b797 2007.1/x86_64/clamdmon-0.91.1-1.1mdv2007.1.x86_64.rpm
c37ebfab59ca964727252852af351988 2007.1/x86_64/lib64clamav2-0.91.1-1.1mdv2007.1.x86_64.rpm
744eaf423e847ad4ed1204cfde0bac22 2007.1/x86_64/lib64clamav2-devel-0.91.1-1.1mdv2007.1.x86_64.rpm
fdb6ea9465c87b3206051df922e509d0 2007.1/SRPMS/clamav-0.91.1-1.1mdv2007.1.src.rpm

Corporate 3.0:
3d676fd4f9e9ded80498b13ee9703447 corporate/3.0/i586/clamav-0.91.1-0.1.C30mdk.i586.rpm
b9b12ef53061ccf1f695c2fffe6a04bb corporate/3.0/i586/clamav-db-0.91.1-0.1.C30mdk.i586.rpm
24da7dc91cbe989c78c7bdf6dba9e900 corporate/3.0/i586/clamav-milter-0.91.1-0.1.C30mdk.i586.rpm
bc9fdfa2c9a6c356f7f14f186d2e57d9 corporate/3.0/i586/clamd-0.91.1-0.1.C30mdk.i586.rpm
3e930ebd2759f14da53b0f2f4d8cf7da corporate/3.0/i586/clamdmon-0.91.1-0.1.C30mdk.i586.rpm
5897ace4abdc86cff7c7f9b073c4a046 corporate/3.0/i586/libclamav2-0.91.1-0.1.C30mdk.i586.rpm
56909a444cdc2b2c60f4c07d8d829034 corporate/3.0/i586/libclamav2-devel-0.91.1-0.1.C30mdk.i586.rpm
b1c34cc12fb36c73c469dcfbf4bcaa4e corporate/3.0/SRPMS/clamav-0.91.1-0.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
1d9868884be1e6222e4161458bb66c26 corporate/3.0/x86_64/clamav-0.91.1-0.1.C30mdk.x86_64.rpm
7cfa0abb1592069c41b7a9e413c9c087 corporate/3.0/x86_64/clamav-db-0.91.1-0.1.C30mdk.x86_64.rpm
eebc3cadf53dd91a4ce07e24f52dc769 corporate/3.0/x86_64/clamav-milter-0.91.1-0.1.C30mdk.x86_64.rpm
51c2d25c6a9daaf22e4de6664f59214b corporate/3.0/x86_64/clamd-0.91.1-0.1.C30mdk.x86_64.rpm
7204fe1ba0c6bf928e5acf49be41162f corporate/3.0/x86_64/clamdmon-0.91.1-0.1.C30mdk.x86_64.rpm
0a35b0352337135ef77792872c1b2f3c corporate/3.0/x86_64/lib64clamav2-0.91.1-0.1.C30mdk.x86_64.rpm
ac762dda202af6e7c334aeb4281478c8 corporate/3.0/x86_64/lib64clamav2-devel-0.91.1-0.1.C30mdk.x86_64.rpm
b1c34cc12fb36c73c469dcfbf4bcaa4e corporate/3.0/SRPMS/clamav-0.91.1-0.1.C30mdk.src.rpm

Corporate 4.0:
07b49366a22bd05a2a2bb04301e4f7ea corporate/4.0/i586/clamav-0.91.1-0.1.20060mlcs4.i586.rpm
ef63aaea4109ca3a3f1fd2faafef6cc7 corporate/4.0/i586/clamav-db-0.91.1-0.1.20060mlcs4.i586.rpm
b05e11e5f7ede181d6160976f52c8fb0 corporate/4.0/i586/clamav-milter-0.91.1-0.1.20060mlcs4.i586.rpm
153c8daee5528351b1dc9488d462f39d corporate/4.0/i586/clamd-0.91.1-0.1.20060mlcs4.i586.rpm
51b0ece4e3aea78fc412595687817edf corporate/4.0/i586/clamdmon-0.91.1-0.1.20060mlcs4.i586.rpm
8fbd33f837d05be535798d580105d4d8 corporate/4.0/i586/libclamav2-0.91.1-0.1.20060mlcs4.i586.rpm
ad7330c0fdfc2a372d462991701c3462 corporate/4.0/i586/libclamav2-devel-0.91.1-0.1.20060mlcs4.i586.rpm
3e04440a073f6c606289c90280cf3c7c corporate/4.0/SRPMS/clamav-0.91.1-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
c4bbd2429700fbe41ae69d9926b40569 corporate/4.0/x86_64/clamav-0.91.1-0.1.20060mlcs4.x86_64.rpm
4bba7834c9a14cf2098f3993389d78af corporate/4.0/x86_64/clamav-db-0.91.1-0.1.20060mlcs4.x86_64.rpm
b185a885f6c1038fcc6332a0d4edd5bb corporate/4.0/x86_64/clamav-milter-0.91.1-0.1.20060mlcs4.x86_64.rpm
a3a66b6dcd5834b765339d4e821608dd corporate/4.0/x86_64/clamd-0.91.1-0.1.20060mlcs4.x86_64.rpm
9f2edd76e48cd6c77e8fd847beb8710d corporate/4.0/x86_64/clamdmon-0.91.1-0.1.20060mlcs4.x86_64.rpm
b446eebd29ba07eaea893bb68c9932ba corporate/4.0/x86_64/lib64clamav2-0.91.1-0.1.20060mlcs4.x86_64.rpm
f4735af15e3e15bc26bc188743c3856e corporate/4.0/x86_64/lib64clamav2-devel-0.91.1-0.1.20060mlcs4.x86_64.rpm
3e04440a073f6c606289c90280cf3c7c corporate/4.0/SRPMS/clamav-0.91.1-0.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGp7IGmqjQ0CJFipgRAhriAKC+4jhYAgFtzMrinpv0xgx9iGYYFgCdFSQW
TQG7/bzoIJGeWikzMQr+KsA=
=kAPB
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007150__updated_clamav_packages_fix_vulnerabilities.html)