NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Full-Disclosure> 2007-06

[Full-disclosure] [ MDKSA-2007:115 ] - Updated clamav packages fix vulnerabilities

securitymandriva.com
Date: Mon Jun 04 2007 - 20:07:23 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:115
http://www.mandriva.com/security/
_______________________________________________________________________

Package : clamav
Date : June 4, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A vulnerability in the OLE2 parser in ClamAV was found that could
allow a remote attacker to cause a denial of service via resource
consumption with a carefully crafted OLE2 file.

Other vulnerabilities and bugs have also been corrected in 0.90.3
which is being provided with this update.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2650
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
8f807a16b18ddd17fdcbbf563f0b225c 2007.0/i586/clamav-0.90.3-0.1mdv2007.0.i586.rpm
afcb2de5f26cc1fc07499cea6e5f4ffd 2007.0/i586/clamav-db-0.90.3-0.1mdv2007.0.i586.rpm
3ea7af875ea79a1efb2aec03e4e70e7e 2007.0/i586/clamav-milter-0.90.3-0.1mdv2007.0.i586.rpm
498a8e05cb31451382562c22dd8c6ca8 2007.0/i586/clamd-0.90.3-0.1mdv2007.0.i586.rpm
90cecf4adbf717672b54e5a18250447d 2007.0/i586/clamdmon-0.90.3-0.1mdv2007.0.i586.rpm
4c2b036b761d67aef27349f3bf6de11d 2007.0/i586/libclamav2-0.90.3-0.1mdv2007.0.i586.rpm
667c354d70642e8663edd469506fb488 2007.0/i586/libclamav2-devel-0.90.3-0.1mdv2007.0.i586.rpm
e472e368da522072b20a7773f4db5d22 2007.0/SRPMS/clamav-0.90.3-0.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
15636a6d8f3fd6537350b0a1b67741c3 2007.0/x86_64/clamav-0.90.3-0.1mdv2007.0.x86_64.rpm
097ede19d694a7f2d8d103bd16f9864b 2007.0/x86_64/clamav-db-0.90.3-0.1mdv2007.0.x86_64.rpm
68ebe1e39a0b25211e6c9dbeddcdefa6 2007.0/x86_64/clamav-milter-0.90.3-0.1mdv2007.0.x86_64.rpm
f0bd264bfdadc816759a438308b82cd7 2007.0/x86_64/clamd-0.90.3-0.1mdv2007.0.x86_64.rpm
30b6eb173aa40c39b6cd191433387a26 2007.0/x86_64/clamdmon-0.90.3-0.1mdv2007.0.x86_64.rpm
5164562d6affcacc64ade14d3acd23cd 2007.0/x86_64/lib64clamav2-0.90.3-0.1mdv2007.0.x86_64.rpm
b86a1162638401a101a08b52689df150 2007.0/x86_64/lib64clamav2-devel-0.90.3-0.1mdv2007.0.x86_64.rpm
e472e368da522072b20a7773f4db5d22 2007.0/SRPMS/clamav-0.90.3-0.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
378ad782e37e018e1e553d7c351ea358 2007.1/i586/clamav-0.90.3-0.1mdv2007.1.i586.rpm
d083214002090ae15d36c9463c78c29c 2007.1/i586/clamav-db-0.90.3-0.1mdv2007.1.i586.rpm
5316d47473a5c284f40fdb21c08b9d28 2007.1/i586/clamav-milter-0.90.3-0.1mdv2007.1.i586.rpm
ff430af11f2ba37bbcb521f93d71030a 2007.1/i586/clamd-0.90.3-0.1mdv2007.1.i586.rpm
ab9cac6d55dc192b5ffcaa5f356f6821 2007.1/i586/clamdmon-0.90.3-0.1mdv2007.1.i586.rpm
06daf5c409b7931ca02e88f85048225a 2007.1/i586/libclamav2-0.90.3-0.1mdv2007.1.i586.rpm
eb59ec3314ae85a0a2c400d725c1d984 2007.1/i586/libclamav2-devel-0.90.3-0.1mdv2007.1.i586.rpm
22132cc15d14520edd635019d06b874e 2007.1/SRPMS/clamav-0.90.3-0.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
03d79b409aa5c87570222a600ac92915 2007.1/x86_64/clamav-0.90.3-0.1mdv2007.1.x86_64.rpm
7cb3f180fa1bfc6cdaae4a7ae4088dc2 2007.1/x86_64/clamav-db-0.90.3-0.1mdv2007.1.x86_64.rpm
850deaafd4bb64b4c6a35772fffbd369 2007.1/x86_64/clamav-milter-0.90.3-0.1mdv2007.1.x86_64.rpm
9f3e3f88497ce3b769f5f6f7e05fd8ca 2007.1/x86_64/clamd-0.90.3-0.1mdv2007.1.x86_64.rpm
6f38934bee43286ecf2b8f7049c6dd1f 2007.1/x86_64/clamdmon-0.90.3-0.1mdv2007.1.x86_64.rpm
94f315377e8f33b936fff253eaa4e847 2007.1/x86_64/lib64clamav2-0.90.3-0.1mdv2007.1.x86_64.rpm
c7c1458f005b09c23bb2affb7b9aae0c 2007.1/x86_64/lib64clamav2-devel-0.90.3-0.1mdv2007.1.x86_64.rpm
22132cc15d14520edd635019d06b874e 2007.1/SRPMS/clamav-0.90.3-0.1mdv2007.1.src.rpm

Corporate 3.0:
d173ea9451a336aa56e834f1cd3d4882 corporate/3.0/i586/clamav-0.90.3-0.1.C30mdk.i586.rpm
2694fbbd622a5b312a523bc16993ff1c corporate/3.0/i586/clamav-db-0.90.3-0.1.C30mdk.i586.rpm
647afdc7fcec85cc9190e2680b35000c corporate/3.0/i586/clamav-milter-0.90.3-0.1.C30mdk.i586.rpm
2646c5e3f81c8d0b35229205bbba5344 corporate/3.0/i586/clamd-0.90.3-0.1.C30mdk.i586.rpm
bfd73b522c6d7cda7e7dd995a6e7e79b corporate/3.0/i586/clamdmon-0.90.3-0.1.C30mdk.i586.rpm
aeca41b4f44f1f7ccbee306816f34259 corporate/3.0/i586/libclamav2-0.90.3-0.1.C30mdk.i586.rpm
78e8398b8f4b8663b0a0684acd6bd938 corporate/3.0/i586/libclamav2-devel-0.90.3-0.1.C30mdk.i586.rpm
3bdca91be114543785b82ff8da904c16 corporate/3.0/SRPMS/clamav-0.90.3-0.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
9d3ee2af6dbb5595bdbb1db33344bda5 corporate/3.0/x86_64/clamav-0.90.3-0.1.C30mdk.x86_64.rpm
22b70bcf86a90f84702f722a5eb5dbf1 corporate/3.0/x86_64/clamav-db-0.90.3-0.1.C30mdk.x86_64.rpm
6b9e3874400f1417318cac606a13bdec corporate/3.0/x86_64/clamav-milter-0.90.3-0.1.C30mdk.x86_64.rpm
e18e2aab82234f1d6c4441e20fea15f0 corporate/3.0/x86_64/clamd-0.90.3-0.1.C30mdk.x86_64.rpm
0deb01240f12850c04b68e1b664fbb6a corporate/3.0/x86_64/clamdmon-0.90.3-0.1.C30mdk.x86_64.rpm
e47416fc1e17beb2b99b804181272c79 corporate/3.0/x86_64/lib64clamav2-0.90.3-0.1.C30mdk.x86_64.rpm
5c90229eb99e94aa932fb33290ec555b corporate/3.0/x86_64/lib64clamav2-devel-0.90.3-0.1.C30mdk.x86_64.rpm
3bdca91be114543785b82ff8da904c16 corporate/3.0/SRPMS/clamav-0.90.3-0.1.C30mdk.src.rpm

Corporate 4.0:
a21c2b1fb87e9fffacd85820727e2ffe corporate/4.0/i586/clamav-0.90.3-0.1.20060mlcs4.i586.rpm
a7ae50da3c78dde47323fec240aa36d3 corporate/4.0/i586/clamav-db-0.90.3-0.1.20060mlcs4.i586.rpm
8ec25cea1228b0ba1bf15c9eea095de3 corporate/4.0/i586/clamav-milter-0.90.3-0.1.20060mlcs4.i586.rpm
c8dfe521c3578b1df2d1e0a2c5e71e4f corporate/4.0/i586/clamd-0.90.3-0.1.20060mlcs4.i586.rpm
32dfdd00de21829792926c8c004f3cde corporate/4.0/i586/clamdmon-0.90.3-0.1.20060mlcs4.i586.rpm
23849d5c8ab87ba99e746e4b3f28542c corporate/4.0/i586/libclamav2-0.90.3-0.1.20060mlcs4.i586.rpm
8fc0841ab5d68e340e1fbe1289b407bb corporate/4.0/i586/libclamav2-devel-0.90.3-0.1.20060mlcs4.i586.rpm
0b3f79671ad392182f4dbc810862565f corporate/4.0/SRPMS/clamav-0.90.3-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
8ad7c2d47152f95df1a85603bed0ed6f corporate/4.0/x86_64/clamav-0.90.3-0.1.20060mlcs4.x86_64.rpm
ee676819dcdcc147f4464892751113a6 corporate/4.0/x86_64/clamav-db-0.90.3-0.1.20060mlcs4.x86_64.rpm
4e6f85c45c5acad11628a2f6246ddd7c corporate/4.0/x86_64/clamav-milter-0.90.3-0.1.20060mlcs4.x86_64.rpm
a1fe3eb1c616bd40f0d289a1ba17969d corporate/4.0/x86_64/clamd-0.90.3-0.1.20060mlcs4.x86_64.rpm
d982b68a08dd7937518a2586ec01f0d7 corporate/4.0/x86_64/clamdmon-0.90.3-0.1.20060mlcs4.x86_64.rpm
31b0aa61a5c53209d9958b99118fbc44 corporate/4.0/x86_64/lib64clamav2-0.90.3-0.1.20060mlcs4.x86_64.rpm
dc14036a8b0862eff5db9da5f6622c87 corporate/4.0/x86_64/lib64clamav2-devel-0.90.3-0.1.20060mlcs4.x86_64.rpm
0b3f79671ad392182f4dbc810862565f corporate/4.0/SRPMS/clamav-0.90.3-0.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGZIvVmqjQ0CJFipgRAqKFAJ9NN5N1g9d5BVPImqTEpuNLuCWE3gCgnQZH
nA89R8r/ADEJybA3wf+crQ0=
=Y8wF
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]