[Security Announce] [ MDKSA-2007:172 ] - Updated clamav packages vulnerabilities
Posted on: 09/01/2007 05:15 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:172
http://www.mandriva.com/security/
_______________________________________________________________________

Package : clamav
Date : August 31, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A vulnerability in ClamAV was discovered that could allow remote
attackers to cause a denial of service via a crafted RTF file or a
crafted HTML document with a data: URI, both of which trigger a NULL
dereference (CVE-2007-4510).

A vulnerability in clamav-milter, when run in black hole mode,
could allow remote attackers to execute arbitrary commands via shell
metacharacters that are used in a certain popen call (CVE-2007-4560).

Other bugs have also been corrected in 0.91.2 which is being provided
with this update.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4560
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
9cc355cd4581c9e15aed5c059263f201 2007.0/i586/clamav-0.91.2-1.1mdv2007.0.i586.rpm
cfcf00e1e77e0945c61fe88f9a47b6be 2007.0/i586/clamav-db-0.91.2-1.1mdv2007.0.i586.rpm
c7a2df49aead6c11e6134ce35f2ff39c 2007.0/i586/clamav-milter-0.91.2-1.1mdv2007.0.i586.rpm
f9ead23bd0d3b98b58687a02eafa3d18 2007.0/i586/clamd-0.91.2-1.1mdv2007.0.i586.rpm
e39d94f73442dbb2e6bd0034bbc242df 2007.0/i586/clamdmon-0.91.2-1.1mdv2007.0.i586.rpm
2c886e10cce4b366a2202c0374550d10 2007.0/i586/libclamav-devel-0.91.2-1.1mdv2007.0.i586.rpm
4b1d3207bfc97d0e75d098e53d227fcf 2007.0/i586/libclamav2-0.91.2-1.1mdv2007.0.i586.rpm
46173382db18fa6776e0c11239d34727 2007.0/SRPMS/clamav-0.91.2-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
0004b985905afd8cd892d8565d2c6f84 2007.0/x86_64/clamav-0.91.2-1.1mdv2007.0.x86_64.rpm
604ef50bbb41cba7a46998a872cceb5e 2007.0/x86_64/clamav-db-0.91.2-1.1mdv2007.0.x86_64.rpm
f451326de1cda70b72f78e799702a714 2007.0/x86_64/clamav-milter-0.91.2-1.1mdv2007.0.x86_64.rpm
d459c0ce7eb70fa26f473130b9e2aca3 2007.0/x86_64/clamd-0.91.2-1.1mdv2007.0.x86_64.rpm
7e407178e6b31b27f28ea86a9a812b7e 2007.0/x86_64/clamdmon-0.91.2-1.1mdv2007.0.x86_64.rpm
194efc9b8d8f454a6d40aa02311550ad 2007.0/x86_64/lib64clamav-devel-0.91.2-1.1mdv2007.0.x86_64.rpm
7302c856810696ee9d2da5436a26a5f2 2007.0/x86_64/lib64clamav2-0.91.2-1.1mdv2007.0.x86_64.rpm
46173382db18fa6776e0c11239d34727 2007.0/SRPMS/clamav-0.91.2-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
b314b45eda90a4fc914f980063b08f16 2007.1/i586/clamav-0.91.2-1.1mdv2007.1.i586.rpm
8bbddc576a178213a167285e676f6367 2007.1/i586/clamav-db-0.91.2-1.1mdv2007.1.i586.rpm
d5fc2163cf848f73a686299866bb8e12 2007.1/i586/clamav-milter-0.91.2-1.1mdv2007.1.i586.rpm
0da0d4bdf458feb3a8f01e590603277d 2007.1/i586/clamd-0.91.2-1.1mdv2007.1.i586.rpm
7048492d9a19e3e8805de3838e30efcd 2007.1/i586/clamdmon-0.91.2-1.1mdv2007.1.i586.rpm
f1a6165d185c2bc8bacc1f6a3f6f0583 2007.1/i586/libclamav-devel-0.91.2-1.1mdv2007.1.i586.rpm
82626c97b6c4d0ede2affb6dab4bbb20 2007.1/i586/libclamav2-0.91.2-1.1mdv2007.1.i586.rpm
1aa3e75e6fd71c98a85671f7073eef53 2007.1/SRPMS/clamav-0.91.2-1.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
ce936aaf4aac71db278525b626f7db71 2007.1/x86_64/clamav-0.91.2-1.1mdv2007.1.x86_64.rpm
ab831b70524ef3e7e49ad2e421965d10 2007.1/x86_64/clamav-db-0.91.2-1.1mdv2007.1.x86_64.rpm
053f0b5017f2107edc95e33d77827854 2007.1/x86_64/clamav-milter-0.91.2-1.1mdv2007.1.x86_64.rpm
29d1c23377beda7601da3bf160620d75 2007.1/x86_64/clamd-0.91.2-1.1mdv2007.1.x86_64.rpm
f917158048deac5163697c6dbb5882c9 2007.1/x86_64/clamdmon-0.91.2-1.1mdv2007.1.x86_64.rpm
b0e2b52d8d538f29ffbcfe266a540b67 2007.1/x86_64/lib64clamav-devel-0.91.2-1.1mdv2007.1.x86_64.rpm
5e3cd3617c0e719bc7af09781e0dfcb6 2007.1/x86_64/lib64clamav2-0.91.2-1.1mdv2007.1.x86_64.rpm
1aa3e75e6fd71c98a85671f7073eef53 2007.1/SRPMS/clamav-0.91.2-1.1mdv2007.1.src.rpm

Corporate 3.0:
3f54f8a01c5926fe7b5285e1aa5bd8a0 corporate/3.0/i586/clamav-0.91.2-0.1.C30mdk.i586.rpm
e4f84e94bb49ae6a30db55c0eb3e1f37 corporate/3.0/i586/clamav-db-0.91.2-0.1.C30mdk.i586.rpm
62b32759d1ef5100c7a9d4df5662df4e corporate/3.0/i586/clamav-milter-0.91.2-0.1.C30mdk.i586.rpm
da52811fa2422350fb10aa66b82e7345 corporate/3.0/i586/clamd-0.91.2-0.1.C30mdk.i586.rpm
5b479b2416b7b2a3185a1ea1444e871d corporate/3.0/i586/clamdmon-0.91.2-0.1.C30mdk.i586.rpm
9dac547edcaadc6d91e049dfcfd4c8ef corporate/3.0/i586/libclamav-devel-0.91.2-0.1.C30mdk.i586.rpm
549d6c10620fb7440dbf28df5c8a21de corporate/3.0/i586/libclamav2-0.91.2-0.1.C30mdk.i586.rpm
161aad73d855e835420c4e2cc4d37867 corporate/3.0/SRPMS/clamav-0.91.2-0.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
8558b7b8084cd0b0c3d23c1289830947 corporate/3.0/x86_64/clamav-0.91.2-0.1.C30mdk.x86_64.rpm
62376f79cde45931384e81f267205b54 corporate/3.0/x86_64/clamav-db-0.91.2-0.1.C30mdk.x86_64.rpm
57d93dd2c249d800de1fa22324b4b688 corporate/3.0/x86_64/clamav-milter-0.91.2-0.1.C30mdk.x86_64.rpm
5f7cc43fc89623177e3864194d86dd62 corporate/3.0/x86_64/clamd-0.91.2-0.1.C30mdk.x86_64.rpm
dafb5a003f164d742bcfc2775b1a72ec corporate/3.0/x86_64/clamdmon-0.91.2-0.1.C30mdk.x86_64.rpm
29c3fc98485a4912179438b66be722dc corporate/3.0/x86_64/lib64clamav-devel-0.91.2-0.1.C30mdk.x86_64.rpm
4a49f8d6b1e652a58216d6f20f9d11e8 corporate/3.0/x86_64/lib64clamav2-0.91.2-0.1.C30mdk.x86_64.rpm
161aad73d855e835420c4e2cc4d37867 corporate/3.0/SRPMS/clamav-0.91.2-0.1.C30mdk.src.rpm

Corporate 4.0:
77469fc267c49b8727e9c8d7dfbe1dbe corporate/4.0/i586/clamav-0.91.2-0.1.20060mlcs4.i586.rpm
524a97ee0a548a61503a3d2805148adb corporate/4.0/i586/clamav-db-0.91.2-0.1.20060mlcs4.i586.rpm
b30b5e2ecc63f527a270df87fb236235 corporate/4.0/i586/clamav-milter-0.91.2-0.1.20060mlcs4.i586.rpm
6fdb3fb5e172ac5142cf668013e18f2a corporate/4.0/i586/clamd-0.91.2-0.1.20060mlcs4.i586.rpm
63862acdb343759ad132eb7851de094f corporate/4.0/i586/clamdmon-0.91.2-0.1.20060mlcs4.i586.rpm
d8410aeca30a43ef80dba02181eab604 corporate/4.0/i586/libclamav-devel-0.91.2-0.1.20060mlcs4.i586.rpm
28c9e2d2058116c19230b46686f211af corporate/4.0/i586/libclamav2-0.91.2-0.1.20060mlcs4.i586.rpm
e28ad7b384a7df0d3a457b9cab2e45a5 corporate/4.0/SRPMS/clamav-0.91.2-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
23813b996a2fde23ffb7d34c50464576 corporate/4.0/x86_64/clamav-0.91.2-0.1.20060mlcs4.x86_64.rpm
9de86112dede4437ec8de4792602c697 corporate/4.0/x86_64/clamav-db-0.91.2-0.1.20060mlcs4.x86_64.rpm
d7c4ca09b53acf38161206b9b0288f50 corporate/4.0/x86_64/clamav-milter-0.91.2-0.1.20060mlcs4.x86_64.rpm
cc043effd109ea56c076ade68e642007 corporate/4.0/x86_64/clamd-0.91.2-0.1.20060mlcs4.x86_64.rpm
d84d812febc122043602a7cbef4025f7 corporate/4.0/x86_64/clamdmon-0.91.2-0.1.20060mlcs4.x86_64.rpm
7d64c08753f48cd26932b0a047a841c6 corporate/4.0/x86_64/lib64clamav-devel-0.91.2-0.1.20060mlcs4.x86_64.rpm
4c33eb78a714a00844e918c18179ce27 corporate/4.0/x86_64/lib64clamav2-0.91.2-0.1.20060mlcs4.x86_64.rpm
e28ad7b384a7df0d3a457b9cab2e45a5 corporate/4.0/SRPMS/clamav-0.91.2-0.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG2JaAmqjQ0CJFipgRAnI0AJ9fgAIDhVfdbipB/oUayk0fVNyMJQCgq/Do
qkx9vOAIP/sETiOBojGnhkQ=
=6TkG
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007172__updated_clamav_packages_vulnerabilities.html)