MDKSA-2005:113 - Updated clamav packages fix vulnerability
From: Mandriva Security Team <security@mandriva.com.>
To: [email protected]
Subject: MDKSA-2005:113 - Updated clamav packages fix vulnerability
Message-Id: <E1DsAO0-00054i-83@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Mon, 11 Jul 2005 20:20:40 -0600
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: clamav
Advisory ID: MDKSA-2005:113
Date: July 11th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
Andrew Toller and Stefan Kanthak discovered that a flaw in libmspack's
Quantum archive decompressor renders Clam AntiVirus vulnerable to a
Denial of Service attack.
The updated packages have been patched to correct the problem.
_______________________________________________________________________
References:
http://sourceforge.net/project/shownotes.php?release_id=337279
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
d1a61855ca50e53018e5c65ef380d8dd 10.1/RPMS/clamav-0.81-0.3.101mdk.i586.rpm
4a73d4428b1c8288192e1880882114f1 10.1/RPMS/clamav-db-0.81-0.3.101mdk.i586.rpm
ead89b02938223716b68ce51047fd193 10.1/RPMS/clamav-milter-0.81-0.3.101mdk.i586.rpm
69ab5c876524188f382cb7649949ebcf 10.1/RPMS/clamd-0.81-0.3.101mdk.i586.rpm
f682ad9ceaab4b22deacce071f685dd7 10.1/RPMS/libclamav1-0.81-0.3.101mdk.i586.rpm
f74afc4b092506d942bc1c33e978143a 10.1/RPMS/libclamav1-devel-0.81-0.3.101mdk.i586.rpm
5427d070911966721a7a74e43d5115d1 10.1/SRPMS/clamav-0.81-0.3.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
cef11c2c75f3d931e2fef9018895e410 x86_64/10.1/RPMS/clamav-0.81-0.3.101mdk.x86_64.rpm
097aa32fc592727a5355872a91f2e53e x86_64/10.1/RPMS/clamav-db-0.81-0.3.101mdk.x86_64.rpm
e205ca0a534f2ca20afee6c311c927f2 x86_64/10.1/RPMS/clamav-milter-0.81-0.3.101mdk.x86_64.rpm
dd5e7b49cc8b442b3ce9285b3b065217 x86_64/10.1/RPMS/clamd-0.81-0.3.101mdk.x86_64.rpm
1c5d18841912089a2c0788103c81fd47 x86_64/10.1/RPMS/lib64clamav1-0.81-0.3.101mdk.x86_64.rpm
b4ed80c808515aa78c5b64a90badc208 x86_64/10.1/RPMS/lib64clamav1-devel-0.81-0.3.101mdk.x86_64.rpm
5427d070911966721a7a74e43d5115d1 x86_64/10.1/SRPMS/clamav-0.81-0.3.101mdk.src.rpm
Mandrakelinux 10.2:
40ebaed7490c8c4609d175898a4524a5 10.2/RPMS/clamav-0.83-6.1.102mdk.i586.rpm
ecba8225d04b3d56b367cd12d1b18041 10.2/RPMS/clamav-db-0.83-6.1.102mdk.i586.rpm
4c3f83da2c21d5b438fa87c2fc9c2510 10.2/RPMS/clamav-milter-0.83-6.1.102mdk.i586.rpm
9af96c3025518c85b71382ade35b34c2 10.2/RPMS/clamd-0.83-6.1.102mdk.i586.rpm
617a8776560de95a5feebdb18beb2f74 10.2/RPMS/libclamav1-0.83-6.1.102mdk.i586.rpm
bb629f7ef414de49be3bf2fff4fdd949 10.2/RPMS/libclamav1-devel-0.83-6.1.102mdk.i586.rpm
c1aa9d888990112d8db675a67d65d612 10.2/SRPMS/clamav-0.83-6.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
73b4b991f4b44ff648f4f9730608988c x86_64/10.2/RPMS/clamav-0.83-6.1.102mdk.x86_64.rpm
78da41faaaf4a67ecebb2155d20681b8 x86_64/10.2/RPMS/clamav-db-0.83-6.1.102mdk.x86_64.rpm
104687d7dcd6258e5737e90c6814a0c0 x86_64/10.2/RPMS/clamav-milter-0.83-6.1.102mdk.x86_64.rpm
afc85c501b6a9aed7f967ed35f2e4540 x86_64/10.2/RPMS/clamd-0.83-6.1.102mdk.x86_64.rpm
9f831708f8a44ccba75bd0cafc926e0d x86_64/10.2/RPMS/lib64clamav1-0.83-6.1.102mdk.x86_64.rpm
f76da72a62e0d94451c5bcfdd4a5ff56 x86_64/10.2/RPMS/lib64clamav1-devel-0.83-6.1.102mdk.x86_64.rpm
c1aa9d888990112d8db675a67d65d612 x86_64/10.2/SRPMS/clamav-0.83-6.1.102mdk.src.rpm
Corporate 3.0:
154457f3913dc4bfcd349e8d7f3d9ed1 corporate/3.0/RPMS/clamav-0.81-0.3.C30mdk.i586.rpm
aa6d83e73d03464aee591658721017db corporate/3.0/RPMS/clamav-db-0.81-0.3.C30mdk.i586.rpm
79ffb7195506c5b0914e10dda8eac35a corporate/3.0/RPMS/clamav-milter-0.81-0.3.C30mdk.i586.rpm
1232f43b5272369f1c11ed6c4c173091 corporate/3.0/RPMS/clamd-0.81-0.3.C30mdk.i586.rpm
05d298da13d32180fcc1c20344b5b8d1 corporate/3.0/RPMS/libclamav1-0.81-0.3.C30mdk.i586.rpm
f7035cc164562e19743d7be91d6d1a43 corporate/3.0/RPMS/libclamav1-devel-0.81-0.3.C30mdk.i586.rpm
86bc352ab413fa6232a997d57adf1d1d corporate/3.0/SRPMS/clamav-0.81-0.3.C30mdk.src.rpm
Corporate 3.0/X86_64:
934b40e521ea1419a9ff4d886feddbf7 x86_64/corporate/3.0/RPMS/clamav-0.81-0.3.C30mdk.x86_64.rpm
3e133b0bbe1135ef2e3e8092b1a2b499 x86_64/corporate/3.0/RPMS/clamav-db-0.81-0.3.C30mdk.x86_64.rpm
c8a51fa7450234d845e5b278b13e1eb7 x86_64/corporate/3.0/RPMS/clamav-milter-0.81-0.3.C30mdk.x86_64.rpm
dc4500f7c4b0bf29d8cb9ca41688965c x86_64/corporate/3.0/RPMS/clamd-0.81-0.3.C30mdk.x86_64.rpm
d1e99a1f9accbfc1702c0c3dc1a8dd4c x86_64/corporate/3.0/RPMS/lib64clamav1-0.81-0.3.C30mdk.x86_64.rpm
050a0ee0bf1511f62e59b2f42893c580 x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.81-0.3.C30mdk.x86_64.rpm
86bc352ab413fa6232a997d57adf1d1d x86_64/corporate/3.0/SRPMS/clamav-0.81-0.3.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFC0yj4mqjQ0CJFipgRAsQJAJ48ZmIrft5xWvKAPpTW9s4nQosTdACgxCvo
WE7YDPVHivWiOHBM/N9SI4Q=
=zQDg
-----END PGP SIGNATURE-----