From: Mandriva Security Team <security@mandriva.com.>
To: [email protected]Subject: MDKSA-2005:125 - Updated clamav packages fix more vulnerabilities
Message-Id: <E1DxwJG-0003wZ-Tg@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Wed, 27 Jul 2005 18:31:38 -0600
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: clamav
Advisory ID: MDKSA-2005:125
Date: July 27th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
Neel Mehta and Alex Wheeler discovered integer overflow vulnerabilites
in Clam AntiVirus when handling the TNEF, CHM, and FSG file formats.
By sending a specially-crafted file, an attacker could execute
arbitrary code with the permissions of the user running Clam AV.
This update provides clamav 0.86.2 which is not vulnerable to these
issues.
_______________________________________________________________________
References:
http://sourceforge.net/project/shownotes.php?release_id=344514
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
3aff45c0ae423b192f01753464b6cfbc 10.1/RPMS/clamav-0.86.2-0.1.101mdk.i586.rpm
0d299b50297ac175acdb7531f84f55ab 10.1/RPMS/clamav-db-0.86.2-0.1.101mdk.i586.rpm
dffea206daadeab2d90a8b68ca4f7fea 10.1/RPMS/clamav-milter-0.86.2-0.1.101mdk.i586.rpm
f3f09c0d2d575b3156cf323ffbbb94db 10.1/RPMS/clamd-0.86.2-0.1.101mdk.i586.rpm
d1b9984b610cce82fcab6d9c4c5a97ca 10.1/RPMS/libclamav1-0.86.2-0.1.101mdk.i586.rpm
46b3844d26743b67e9496052933d705f 10.1/RPMS/libclamav1-devel-0.86.2-0.1.101mdk.i586.rpm
c42e349d54742b783c3003557e3c30cb 10.1/SRPMS/clamav-0.86.2-0.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
a423b14654e6942ab17739990dcfae6e x86_64/10.1/RPMS/clamav-0.86.2-0.1.101mdk.x86_64.rpm
aa1b3a15c662321fe2991e1aeeaae68a x86_64/10.1/RPMS/clamav-db-0.86.2-0.1.101mdk.x86_64.rpm
01b1199b3ba12d6feaa5ff1d921fe0e7 x86_64/10.1/RPMS/clamav-milter-0.86.2-0.1.101mdk.x86_64.rpm
60a72c063eab410c282e8ee9d0a362fe x86_64/10.1/RPMS/clamd-0.86.2-0.1.101mdk.x86_64.rpm
02acc55a71e3af52323b8aa340f5521f x86_64/10.1/RPMS/lib64clamav1-0.86.2-0.1.101mdk.x86_64.rpm
9f24abc7804efab4b00799745983e3f1 x86_64/10.1/RPMS/lib64clamav1-devel-0.86.2-0.1.101mdk.x86_64.rpm
c42e349d54742b783c3003557e3c30cb x86_64/10.1/SRPMS/clamav-0.86.2-0.1.101mdk.src.rpm
Mandrakelinux 10.2:
5547710e07946868106e106ef69db7be 10.2/RPMS/clamav-0.86.2-0.1.102mdk.i586.rpm
5ef48f506ceeae734d446482cc301474 10.2/RPMS/clamav-db-0.86.2-0.1.102mdk.i586.rpm
4f64fcc53200e73828959577eafe7035 10.2/RPMS/clamav-milter-0.86.2-0.1.102mdk.i586.rpm
6a7a2f0e4d02ea303617351af05a5770 10.2/RPMS/clamd-0.86.2-0.1.102mdk.i586.rpm
956ecafdf4be2be4da8e9f2f0ea7d9c3 10.2/RPMS/libclamav1-0.86.2-0.1.102mdk.i586.rpm
b51aec4894ad6d5a950188bc5ec7a8c3 10.2/RPMS/libclamav1-devel-0.86.2-0.1.102mdk.i586.rpm
be8dccab0884da69dd52c62abbab35fd 10.2/SRPMS/clamav-0.86.2-0.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
7b22b558e2e0e48cb3f8e137c74982b8 x86_64/10.2/RPMS/clamav-0.86.2-0.1.102mdk.x86_64.rpm
3e0f6b63b114ffeb10b5f2ac2e5be66f x86_64/10.2/RPMS/clamav-db-0.86.2-0.1.102mdk.x86_64.rpm
4a68fe06f2c665135d979a2d385079ab x86_64/10.2/RPMS/clamav-milter-0.86.2-0.1.102mdk.x86_64.rpm
1b580f573bf00a934c7a7702815776e8 x86_64/10.2/RPMS/clamd-0.86.2-0.1.102mdk.x86_64.rpm
6a30cc951870872319cd85ae597859f1 x86_64/10.2/RPMS/lib64clamav1-0.86.2-0.1.102mdk.x86_64.rpm
7ecb12fa41abe3154ab70bdeb19e07c2 x86_64/10.2/RPMS/lib64clamav1-devel-0.86.2-0.1.102mdk.x86_64.rpm
be8dccab0884da69dd52c62abbab35fd x86_64/10.2/SRPMS/clamav-0.86.2-0.1.102mdk.src.rpm
Corporate 3.0:
6f0a3bb18f7d61a16417a98fa69cdacb corporate/3.0/RPMS/clamav-0.86.2-0.1.C30mdk.i586.rpm
69588b59e762b1d03ac5a3cf9dbfa8b0 corporate/3.0/RPMS/clamav-db-0.86.2-0.1.C30mdk.i586.rpm
1eafaa2b6137d98c8cf194f2f58bc3d0 corporate/3.0/RPMS/clamav-milter-0.86.2-0.1.C30mdk.i586.rpm
3a267af54b0eeabd001c3451986ed15c corporate/3.0/RPMS/clamd-0.86.2-0.1.C30mdk.i586.rpm
1f76c41366fc33e3af89dd78accb1274 corporate/3.0/RPMS/libclamav1-0.86.2-0.1.C30mdk.i586.rpm
4bde87b4bcbf9d10930ad0e2eaba4098 corporate/3.0/RPMS/libclamav1-devel-0.86.2-0.1.C30mdk.i586.rpm
55acc738815c806b4432771588499a8e corporate/3.0/SRPMS/clamav-0.86.2-0.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
a22408fe6beb9b8bda8ff23afe644192 x86_64/corporate/3.0/RPMS/clamav-0.86.2-0.1.C30mdk.x86_64.rpm
8b4166f392d03770be85d515ed3ba380 x86_64/corporate/3.0/RPMS/clamav-db-0.86.2-0.1.C30mdk.x86_64.rpm
2521821041564175cea3baf9f7b87694 x86_64/corporate/3.0/RPMS/clamav-milter-0.86.2-0.1.C30mdk.x86_64.rpm
fd479aa012e2fd92b18cdf57adaba9e6 x86_64/corporate/3.0/RPMS/clamd-0.86.2-0.1.C30mdk.x86_64.rpm
4bdf0fa5cb4e8cb179038fd35340ca14 x86_64/corporate/3.0/RPMS/lib64clamav1-0.86.2-0.1.C30mdk.x86_64.rpm
d7141c38c4c01ce2fd9c7a7f361bca72 x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.86.2-0.1.C30mdk.x86_64.rpm
55acc738815c806b4432771588499a8e x86_64/corporate/3.0/SRPMS/clamav-0.86.2-0.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFC6CdqmqjQ0CJFipgRAtdvAKDjWIZoDFM7vgBBirtrKzZ5gtav+QCgrhDY
0XoqT2+UgWbVLQ3tVwSKS8U=
=9Qeu
-----END PGP SIGNATURE-----