Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
[Security Announce] [ MDKSA-2006:184 ] - Updated clamav packages fix vulnerabilities
Posted by Bob on: 10/17/2006 11:35 PM [ Print | 0 comment(s) ]
The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:184
http://www.mandriva.com/security/
_______________________________________________________________________
Package : clamav
Date : October 17, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
An integer overflow in previous versions of ClamAV could allow a remote
attacker to cause a Denial of Service (scanning service crash) and
execute arbitrary code via a Portable Executable (PE) file
(CVE-2006-4182).
Another vulnerability could allow a remote attacker to cause a DoS via
a crafted compressed HTML (CHM) file that causes ClamAV to read an
invalid memory location (CVE-2006-5295).
These issues are corrected in ClamAV 0.88.5 which is provided with this
update.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5295
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
7257c6d81308efe7ef181575b87ec174 2006.0/i586/clamav-0.88.5-0.1.20060mdk.i586.rpm
d0d67d3e7532642e12f6cea52ec8e363 2006.0/i586/clamav-db-0.88.5-0.1.20060mdk.i586.rpm
d304e0ffb807bb475e79b237809c46a2 2006.0/i586/clamav-milter-0.88.5-0.1.20060mdk.i586.rpm
a0660e5fb904772f52bdb50d7a6766fb 2006.0/i586/clamd-0.88.5-0.1.20060mdk.i586.rpm
36f0e822513b958144cd4105c706862b 2006.0/i586/libclamav1-0.88.5-0.1.20060mdk.i586.rpm
a5c42f7006936f045ee0ee46b089f0ee 2006.0/i586/libclamav1-devel-0.88.5-0.1.20060mdk.i586.rpm
cc16fc225d1d56d0595874228cd8070b 2006.0/SRPMS/clamav-0.88.5-0.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
1ee38fa91df468c30a0b8c071f473fc0 2006.0/x86_64/clamav-0.88.5-0.1.20060mdk.x86_64.rpm
9a1f38a560272945495b4b05cb94578b 2006.0/x86_64/clamav-db-0.88.5-0.1.20060mdk.x86_64.rpm
c35c88d15873ad4ce7a05b743b6842b4 2006.0/x86_64/clamav-milter-0.88.5-0.1.20060mdk.x86_64.rpm
1cd4471b8a3319047625662d1ac07ba4 2006.0/x86_64/clamd-0.88.5-0.1.20060mdk.x86_64.rpm
f4e78be55de9eb6fb235248cbff62f36 2006.0/x86_64/lib64clamav1-0.88.5-0.1.20060mdk.x86_64.rpm
a3e754c122085472bcb693ca31f161c7 2006.0/x86_64/lib64clamav1-devel-0.88.5-0.1.20060mdk.x86_64.rpm
cc16fc225d1d56d0595874228cd8070b 2006.0/SRPMS/clamav-0.88.5-0.1.20060mdk.src.rpm
Mandriva Linux 2007.0:
8432a3683591374c2e9ad286ce6ceb70 2007.0/i586/clamav-0.88.5-1.1mdv2007.0.i586.rpm
2e9e1fb63f250ca953fe06d066968b88 2007.0/i586/clamav-db-0.88.5-1.1mdv2007.0.i586.rpm
e76fc6017f13f8de7927be403d077510 2007.0/i586/clamav-milter-0.88.5-1.1mdv2007.0.i586.rpm
74742fc0f062e71dc23af86fcac8a253 2007.0/i586/clamd-0.88.5-1.1mdv2007.0.i586.rpm
226952cb531ea0fa12347a464714e409 2007.0/i586/libclamav1-0.88.5-1.1mdv2007.0.i586.rpm
8d8bd491ed7dd5be480656d205f8ca69 2007.0/i586/libclamav1-devel-0.88.5-1.1mdv2007.0.i586.rpm
b1473a05737ecf0bf7d4d3ccdb8bbe21 2007.0/SRPMS/clamav-0.88.5-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
ec998ee65a8c0277446dcf901abbd901 2007.0/x86_64/clamav-0.88.5-1.1mdv2007.0.x86_64.rpm
27a2344aa2a12f4675b5603c80afbbf8 2007.0/x86_64/clamav-db-0.88.5-1.1mdv2007.0.x86_64.rpm
e9107857a1f585ebe285b12656833a00 2007.0/x86_64/clamav-milter-0.88.5-1.1mdv2007.0.x86_64.rpm
cb15222f0d1af2f030defd8fad981a53 2007.0/x86_64/clamd-0.88.5-1.1mdv2007.0.x86_64.rpm
fff09c60e23b76a5d56cf0408309b920 2007.0/x86_64/lib64clamav1-0.88.5-1.1mdv2007.0.x86_64.rpm
54a9559d2577bf834ddb2d269d4da1f4 2007.0/x86_64/lib64clamav1-devel-0.88.5-1.1mdv2007.0.x86_64.rpm
b1473a05737ecf0bf7d4d3ccdb8bbe21 2007.0/SRPMS/clamav-0.88.5-1.1mdv2007.0.src.rpm
Corporate 3.0:
68f85c25ebbe918bad56cedcf995a189 corporate/3.0/i586/clamav-0.88.5-0.1.C30mdk.i586.rpm
f0079a03a83690746c47eaac22a58585 corporate/3.0/i586/clamav-db-0.88.5-0.1.C30mdk.i586.rpm
c27d329d0801f0c7d164c0e569c68e2b corporate/3.0/i586/clamav-milter-0.88.5-0.1.C30mdk.i586.rpm
df44fa4ceda48f1cf7c3053ee1891e65 corporate/3.0/i586/clamd-0.88.5-0.1.C30mdk.i586.rpm
f1e11299f2083a1a52b68bf0ee89037a corporate/3.0/i586/libclamav1-0.88.5-0.1.C30mdk.i586.rpm
6b2fe309926b86b83ca29b76ad611672 corporate/3.0/i586/libclamav1-devel-0.88.5-0.1.C30mdk.i586.rpm
683a0d9c4efe743a6cc9d07b818f067a corporate/3.0/SRPMS/clamav-0.88.5-0.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
b3544b024bf20115b62d3d209c5bc087 corporate/3.0/x86_64/clamav-0.88.5-0.1.C30mdk.x86_64.rpm
03a9fddd95374f6f77dff6cca8b99524 corporate/3.0/x86_64/clamav-db-0.88.5-0.1.C30mdk.x86_64.rpm
810a7025eff37a6a1382299dd643eb7d corporate/3.0/x86_64/clamav-milter-0.88.5-0.1.C30mdk.x86_64.rpm
70ac3e42511e94348f7abc519a33b486 corporate/3.0/x86_64/clamd-0.88.5-0.1.C30mdk.x86_64.rpm
b73cc847f492ebaeb4be946eeafb8727 corporate/3.0/x86_64/lib64clamav1-0.88.5-0.1.C30mdk.x86_64.rpm
13ae64b28effa69f671d1ba15f66ad36 corporate/3.0/x86_64/lib64clamav1-devel-0.88.5-0.1.C30mdk.x86_64.rpm
683a0d9c4efe743a6cc9d07b818f067a corporate/3.0/SRPMS/clamav-0.88.5-0.1.C30mdk.src.rpm
Corporate 4.0:
08675f7f9190ece69a25710adaecf4f7 corporate/4.0/i586/clamav-0.88.5-0.1.20060mlcs4.i586.rpm
25334fa761a4fabdf54a58e7b0f816c9 corporate/4.0/i586/clamav-db-0.88.5-0.1.20060mlcs4.i586.rpm
eb2f5b811c13df00bcb6d8cbd48ddd56 corporate/4.0/i586/clamav-milter-0.88.5-0.1.20060mlcs4.i586.rpm
136398c2a827e64e9090fb54d09038af corporate/4.0/i586/clamd-0.88.5-0.1.20060mlcs4.i586.rpm
ce07174bf64d73244eece879a30cbd24 corporate/4.0/i586/libclamav1-0.88.5-0.1.20060mlcs4.i586.rpm
2ab18a6b380c61528afc8300c63ce69a corporate/4.0/i586/libclamav1-devel-0.88.5-0.1.20060mlcs4.i586.rpm
f4cb68b37b1866f70520881d89fd3718 corporate/4.0/SRPMS/clamav-0.88.5-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
6b08a2c1b74209be1b2eb024f868687f corporate/4.0/x86_64/clamav-0.88.5-0.1.20060mlcs4.x86_64.rpm
2b566bb7262e0d81c8443953d974c69f corporate/4.0/x86_64/clamav-db-0.88.5-0.1.20060mlcs4.x86_64.rpm
6d16860abac0a7fb31992ca3ef21052c corporate/4.0/x86_64/clamav-milter-0.88.5-0.1.20060mlcs4.x86_64.rpm
eab31907b6561495acb164328c272ce0 corporate/4.0/x86_64/clamd-0.88.5-0.1.20060mlcs4.x86_64.rpm
7a260e2c3a524d259027c8e54c63adb4 corporate/4.0/x86_64/lib64clamav1-0.88.5-0.1.20060mlcs4.x86_64.rpm
3ba6065a13cfd18d7b73366872ea8ccd corporate/4.0/x86_64/lib64clamav1-devel-0.88.5-0.1.20060mlcs4.x86_64.rpm
f4cb68b37b1866f70520881d89fd3718 corporate/4.0/SRPMS/clamav-0.88.5-0.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFNSuKmqjQ0CJFipgRAisVAKDL332h+poNjniQ+sr0FoGO9Zx7LQCgjQx9
6FE0xddk5MrCZvz/NulZeGk=
=VdLo
-----END PGP SIGNATURE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:184
http://www.mandriva.com/security/
_______________________________________________________________________
Package : clamav
Date : October 17, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
An integer overflow in previous versions of ClamAV could allow a remote
attacker to cause a Denial of Service (scanning service crash) and
execute arbitrary code via a Portable Executable (PE) file
(CVE-2006-4182).
Another vulnerability could allow a remote attacker to cause a DoS via
a crafted compressed HTML (CHM) file that causes ClamAV to read an
invalid memory location (CVE-2006-5295).
These issues are corrected in ClamAV 0.88.5 which is provided with this
update.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5295
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
7257c6d81308efe7ef181575b87ec174 2006.0/i586/clamav-0.88.5-0.1.20060mdk.i586.rpm
d0d67d3e7532642e12f6cea52ec8e363 2006.0/i586/clamav-db-0.88.5-0.1.20060mdk.i586.rpm
d304e0ffb807bb475e79b237809c46a2 2006.0/i586/clamav-milter-0.88.5-0.1.20060mdk.i586.rpm
a0660e5fb904772f52bdb50d7a6766fb 2006.0/i586/clamd-0.88.5-0.1.20060mdk.i586.rpm
36f0e822513b958144cd4105c706862b 2006.0/i586/libclamav1-0.88.5-0.1.20060mdk.i586.rpm
a5c42f7006936f045ee0ee46b089f0ee 2006.0/i586/libclamav1-devel-0.88.5-0.1.20060mdk.i586.rpm
cc16fc225d1d56d0595874228cd8070b 2006.0/SRPMS/clamav-0.88.5-0.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
1ee38fa91df468c30a0b8c071f473fc0 2006.0/x86_64/clamav-0.88.5-0.1.20060mdk.x86_64.rpm
9a1f38a560272945495b4b05cb94578b 2006.0/x86_64/clamav-db-0.88.5-0.1.20060mdk.x86_64.rpm
c35c88d15873ad4ce7a05b743b6842b4 2006.0/x86_64/clamav-milter-0.88.5-0.1.20060mdk.x86_64.rpm
1cd4471b8a3319047625662d1ac07ba4 2006.0/x86_64/clamd-0.88.5-0.1.20060mdk.x86_64.rpm
f4e78be55de9eb6fb235248cbff62f36 2006.0/x86_64/lib64clamav1-0.88.5-0.1.20060mdk.x86_64.rpm
a3e754c122085472bcb693ca31f161c7 2006.0/x86_64/lib64clamav1-devel-0.88.5-0.1.20060mdk.x86_64.rpm
cc16fc225d1d56d0595874228cd8070b 2006.0/SRPMS/clamav-0.88.5-0.1.20060mdk.src.rpm
Mandriva Linux 2007.0:
8432a3683591374c2e9ad286ce6ceb70 2007.0/i586/clamav-0.88.5-1.1mdv2007.0.i586.rpm
2e9e1fb63f250ca953fe06d066968b88 2007.0/i586/clamav-db-0.88.5-1.1mdv2007.0.i586.rpm
e76fc6017f13f8de7927be403d077510 2007.0/i586/clamav-milter-0.88.5-1.1mdv2007.0.i586.rpm
74742fc0f062e71dc23af86fcac8a253 2007.0/i586/clamd-0.88.5-1.1mdv2007.0.i586.rpm
226952cb531ea0fa12347a464714e409 2007.0/i586/libclamav1-0.88.5-1.1mdv2007.0.i586.rpm
8d8bd491ed7dd5be480656d205f8ca69 2007.0/i586/libclamav1-devel-0.88.5-1.1mdv2007.0.i586.rpm
b1473a05737ecf0bf7d4d3ccdb8bbe21 2007.0/SRPMS/clamav-0.88.5-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
ec998ee65a8c0277446dcf901abbd901 2007.0/x86_64/clamav-0.88.5-1.1mdv2007.0.x86_64.rpm
27a2344aa2a12f4675b5603c80afbbf8 2007.0/x86_64/clamav-db-0.88.5-1.1mdv2007.0.x86_64.rpm
e9107857a1f585ebe285b12656833a00 2007.0/x86_64/clamav-milter-0.88.5-1.1mdv2007.0.x86_64.rpm
cb15222f0d1af2f030defd8fad981a53 2007.0/x86_64/clamd-0.88.5-1.1mdv2007.0.x86_64.rpm
fff09c60e23b76a5d56cf0408309b920 2007.0/x86_64/lib64clamav1-0.88.5-1.1mdv2007.0.x86_64.rpm
54a9559d2577bf834ddb2d269d4da1f4 2007.0/x86_64/lib64clamav1-devel-0.88.5-1.1mdv2007.0.x86_64.rpm
b1473a05737ecf0bf7d4d3ccdb8bbe21 2007.0/SRPMS/clamav-0.88.5-1.1mdv2007.0.src.rpm
Corporate 3.0:
68f85c25ebbe918bad56cedcf995a189 corporate/3.0/i586/clamav-0.88.5-0.1.C30mdk.i586.rpm
f0079a03a83690746c47eaac22a58585 corporate/3.0/i586/clamav-db-0.88.5-0.1.C30mdk.i586.rpm
c27d329d0801f0c7d164c0e569c68e2b corporate/3.0/i586/clamav-milter-0.88.5-0.1.C30mdk.i586.rpm
df44fa4ceda48f1cf7c3053ee1891e65 corporate/3.0/i586/clamd-0.88.5-0.1.C30mdk.i586.rpm
f1e11299f2083a1a52b68bf0ee89037a corporate/3.0/i586/libclamav1-0.88.5-0.1.C30mdk.i586.rpm
6b2fe309926b86b83ca29b76ad611672 corporate/3.0/i586/libclamav1-devel-0.88.5-0.1.C30mdk.i586.rpm
683a0d9c4efe743a6cc9d07b818f067a corporate/3.0/SRPMS/clamav-0.88.5-0.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
b3544b024bf20115b62d3d209c5bc087 corporate/3.0/x86_64/clamav-0.88.5-0.1.C30mdk.x86_64.rpm
03a9fddd95374f6f77dff6cca8b99524 corporate/3.0/x86_64/clamav-db-0.88.5-0.1.C30mdk.x86_64.rpm
810a7025eff37a6a1382299dd643eb7d corporate/3.0/x86_64/clamav-milter-0.88.5-0.1.C30mdk.x86_64.rpm
70ac3e42511e94348f7abc519a33b486 corporate/3.0/x86_64/clamd-0.88.5-0.1.C30mdk.x86_64.rpm
b73cc847f492ebaeb4be946eeafb8727 corporate/3.0/x86_64/lib64clamav1-0.88.5-0.1.C30mdk.x86_64.rpm
13ae64b28effa69f671d1ba15f66ad36 corporate/3.0/x86_64/lib64clamav1-devel-0.88.5-0.1.C30mdk.x86_64.rpm
683a0d9c4efe743a6cc9d07b818f067a corporate/3.0/SRPMS/clamav-0.88.5-0.1.C30mdk.src.rpm
Corporate 4.0:
08675f7f9190ece69a25710adaecf4f7 corporate/4.0/i586/clamav-0.88.5-0.1.20060mlcs4.i586.rpm
25334fa761a4fabdf54a58e7b0f816c9 corporate/4.0/i586/clamav-db-0.88.5-0.1.20060mlcs4.i586.rpm
eb2f5b811c13df00bcb6d8cbd48ddd56 corporate/4.0/i586/clamav-milter-0.88.5-0.1.20060mlcs4.i586.rpm
136398c2a827e64e9090fb54d09038af corporate/4.0/i586/clamd-0.88.5-0.1.20060mlcs4.i586.rpm
ce07174bf64d73244eece879a30cbd24 corporate/4.0/i586/libclamav1-0.88.5-0.1.20060mlcs4.i586.rpm
2ab18a6b380c61528afc8300c63ce69a corporate/4.0/i586/libclamav1-devel-0.88.5-0.1.20060mlcs4.i586.rpm
f4cb68b37b1866f70520881d89fd3718 corporate/4.0/SRPMS/clamav-0.88.5-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
6b08a2c1b74209be1b2eb024f868687f corporate/4.0/x86_64/clamav-0.88.5-0.1.20060mlcs4.x86_64.rpm
2b566bb7262e0d81c8443953d974c69f corporate/4.0/x86_64/clamav-db-0.88.5-0.1.20060mlcs4.x86_64.rpm
6d16860abac0a7fb31992ca3ef21052c corporate/4.0/x86_64/clamav-milter-0.88.5-0.1.20060mlcs4.x86_64.rpm
eab31907b6561495acb164328c272ce0 corporate/4.0/x86_64/clamd-0.88.5-0.1.20060mlcs4.x86_64.rpm
7a260e2c3a524d259027c8e54c63adb4 corporate/4.0/x86_64/lib64clamav1-0.88.5-0.1.20060mlcs4.x86_64.rpm
3ba6065a13cfd18d7b73366872ea8ccd corporate/4.0/x86_64/lib64clamav1-devel-0.88.5-0.1.20060mlcs4.x86_64.rpm
f4cb68b37b1866f70520881d89fd3718 corporate/4.0/SRPMS/clamav-0.88.5-0.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFNSuKmqjQ0CJFipgRAisVAKDL332h+poNjniQ+sr0FoGO9Zx7LQCgjQx9
6FE0xddk5MrCZvz/NulZeGk=
=VdLo
-----END PGP SIGNATURE-----
