To: [email protected]Subject: [ MDVSA-2008:239 ] clamav
Date: Fri, 05 Dec 2008 19:42:00 -0700
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1L8n7I-0004as-5J@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:239
http://www.mandriva.com/security/
_______________________________________________________________________
Package : clamav
Date : December 5, 2008
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Ilja van Sprundel found that ClamAV contained a denial of service
vulnerability in how it handled processing JPEG files, due to it
not limiting the recursion depth when processing JPEG thumbnails
(CVE-2008-5314).
Other bugs have also been corrected in 0.94.2 which is being provided
with this update.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5314
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
76beab75d863d50bba121d855c9b438b 2008.0/i586/clamav-0.94.2-1.1mdv2008.0.i586.rpm
4fd30d06eaae9dd3485d1029b785b5d1 2008.0/i586/clamav-db-0.94.2-1.1mdv2008.0.i586.rpm
3293ae92542961c7aff1270321e42c64 2008.0/i586/clamd-0.94.2-1.1mdv2008.0.i586.rpm
edf97df009a6670637d9259e93e8fa4d 2008.0/i586/libclamav5-0.94.2-1.1mdv2008.0.i586.rpm
a6c8e64a377e3cffe859fa1b9c369ccf 2008.0/i586/libclamav-devel-0.94.2-1.1mdv2008.0.i586.rpm
ad2a6c0a833e798109f7dafefe845c6b 2008.0/SRPMS/clamav-0.94.2-1.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
9be0855b803f6772371c94e613e609cc 2008.0/x86_64/clamav-0.94.2-1.1mdv2008.0.x86_64.rpm
d61d7b9cdc5418209da894c1d557dc2f 2008.0/x86_64/clamav-db-0.94.2-1.1mdv2008.0.x86_64.rpm
51fd1abb8528865ff3930dfbc497293f 2008.0/x86_64/clamd-0.94.2-1.1mdv2008.0.x86_64.rpm
024a6a575ca469dc3f3044e50ff82611 2008.0/x86_64/lib64clamav5-0.94.2-1.1mdv2008.0.x86_64.rpm
986d1b076adf3bed18a37fb7ffbb938b 2008.0/x86_64/lib64clamav-devel-0.94.2-1.1mdv2008.0.x86_64.rpm
ad2a6c0a833e798109f7dafefe845c6b 2008.0/SRPMS/clamav-0.94.2-1.1mdv2008.0.src.rpm
Mandriva Linux 2008.1:
cc37662a9b26623fbacdd49f6bd552f1 2008.1/i586/clamav-0.94.2-1.1mdv2008.1.i586.rpm
447c0735aa918d5c8ba9dc603a830e84 2008.1/i586/clamav-db-0.94.2-1.1mdv2008.1.i586.rpm
612c1311f2ec78ea72a821fcb5f69e9e 2008.1/i586/clamd-0.94.2-1.1mdv2008.1.i586.rpm
d1cda95e0b38da35f601a21adf8a83ea 2008.1/i586/libclamav5-0.94.2-1.1mdv2008.1.i586.rpm
e6debecc5127af9c9b6a1ce1b6856a14 2008.1/i586/libclamav-devel-0.94.2-1.1mdv2008.1.i586.rpm
4a85173474e49d304c0055cc4f9a50ee 2008.1/SRPMS/clamav-0.94.2-1.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
666d401ee9a3e5386c39dae18b706736 2008.1/x86_64/clamav-0.94.2-1.1mdv2008.1.x86_64.rpm
f1e7e07f56c9ffa8671adc066ecd88d9 2008.1/x86_64/clamav-db-0.94.2-1.1mdv2008.1.x86_64.rpm
68831cc7365c47c630df5edb1838206d 2008.1/x86_64/clamd-0.94.2-1.1mdv2008.1.x86_64.rpm
23a274e8c5f558ae53a306bd00fee12e 2008.1/x86_64/lib64clamav5-0.94.2-1.1mdv2008.1.x86_64.rpm
79196d7b4f6c0e7df71d2d6430be21ab 2008.1/x86_64/lib64clamav-devel-0.94.2-1.1mdv2008.1.x86_64.rpm
4a85173474e49d304c0055cc4f9a50ee 2008.1/SRPMS/clamav-0.94.2-1.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
e3bb00e5435ee0bc4e3ba34377cee784 2009.0/i586/clamav-0.94.2-1.1mdv2009.0.i586.rpm
a2cd7d757a336f34058a55098dc600e8 2009.0/i586/clamav-db-0.94.2-1.1mdv2009.0.i586.rpm
6904d7d8f7a35d2a65a4cfe40ef48bfa 2009.0/i586/clamd-0.94.2-1.1mdv2009.0.i586.rpm
36c1e37a32f65cb96d24fd8b0db5f7e5 2009.0/i586/libclamav5-0.94.2-1.1mdv2009.0.i586.rpm
f4f89d2acb7237ba6135ba54dccacaf9 2009.0/i586/libclamav-devel-0.94.2-1.1mdv2009.0.i586.rpm
d9954bb8eac45821b9f13e655fb7839e 2009.0/SRPMS/clamav-0.94.2-1.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
2355d0d75b0199682e71657db724e295 2009.0/x86_64/clamav-0.94.2-1.1mdv2009.0.x86_64.rpm
3432b677b2a72802432cc96d92014f5b 2009.0/x86_64/clamav-db-0.94.2-1.1mdv2009.0.x86_64.rpm
7bebc82ca05fecdc1768892dbd812c17 2009.0/x86_64/clamd-0.94.2-1.1mdv2009.0.x86_64.rpm
ba9fdd676bb4ce545072a14e8e96f86c 2009.0/x86_64/lib64clamav5-0.94.2-1.1mdv2009.0.x86_64.rpm
6e1c88a5a086126ea6df74fa0642e45f 2009.0/x86_64/lib64clamav-devel-0.94.2-1.1mdv2009.0.x86_64.rpm
d9954bb8eac45821b9f13e655fb7839e 2009.0/SRPMS/clamav-0.94.2-1.1mdv2009.0.src.rpm
Corporate 3.0:
0de774b0b919eaf9269bff1f9dbcc502 corporate/3.0/i586/clamav-0.94.2-0.1.C30mdk.i586.rpm
79b305aa810908fa3e30b32a9ddc0a9a corporate/3.0/i586/clamav-db-0.94.2-0.1.C30mdk.i586.rpm
bcb7357561fb229201fa415dbbe1ba10 corporate/3.0/i586/clamd-0.94.2-0.1.C30mdk.i586.rpm
a889cd1fa54443ed7f84b03a599b5dd7 corporate/3.0/i586/libclamav5-0.94.2-0.1.C30mdk.i586.rpm
04895e0ca3f5f112562b3352bdd4e522 corporate/3.0/i586/libclamav-devel-0.94.2-0.1.C30mdk.i586.rpm
a307df060dcaa0c7d93c7cbd9f58e842 corporate/3.0/SRPMS/clamav-0.94.2-0.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
a56708d3e7bf8c6111a1f1b4b44d2571 corporate/3.0/x86_64/clamav-0.94.2-0.1.C30mdk.x86_64.rpm
095bd1aa2b2295d555ca13c36f5778b4 corporate/3.0/x86_64/clamav-db-0.94.2-0.1.C30mdk.x86_64.rpm
0c80591bfdccc63fe3818583b5fcb829 corporate/3.0/x86_64/clamd-0.94.2-0.1.C30mdk.x86_64.rpm
1311da34900cd15ce38c14ff16b2c0dc corporate/3.0/x86_64/lib64clamav5-0.94.2-0.1.C30mdk.x86_64.rpm
fe66fd2f698a27b014b1c68e2bd019d8 corporate/3.0/x86_64/lib64clamav-devel-0.94.2-0.1.C30mdk.x86_64.rpm
a307df060dcaa0c7d93c7cbd9f58e842 corporate/3.0/SRPMS/clamav-0.94.2-0.1.C30mdk.src.rpm
Corporate 4.0:
392911d388217b1d55cf31a7bb2586ab corporate/4.0/i586/clamav-0.94.2-0.1.20060mlcs4.i586.rpm
77d8232d30d440220faf79d979fae533 corporate/4.0/i586/clamav-db-0.94.2-0.1.20060mlcs4.i586.rpm
866326eaf820b549877f2c3126cdf2ba corporate/4.0/i586/clamd-0.94.2-0.1.20060mlcs4.i586.rpm
f2ba2c12b43ec1979424cddf8bb6c475 corporate/4.0/i586/libclamav5-0.94.2-0.1.20060mlcs4.i586.rpm
6557632e03d2a4863326b49404dbdcd7 corporate/4.0/i586/libclamav-devel-0.94.2-0.1.20060mlcs4.i586.rpm
54d43f922df6e0ece09ec3c3ece7364a corporate/4.0/SRPMS/clamav-0.94.2-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
72f5f30c460683914b27d257e2125688 corporate/4.0/x86_64/clamav-0.94.2-0.1.20060mlcs4.x86_64.rpm
169f086d64243420757efd885c931a99 corporate/4.0/x86_64/clamav-db-0.94.2-0.1.20060mlcs4.x86_64.rpm
cd2ac76205e5a866a0083a8aa741a052 corporate/4.0/x86_64/clamd-0.94.2-0.1.20060mlcs4.x86_64.rpm
5b2ec74d5d3b07f0546d7e4c76072bb4 corporate/4.0/x86_64/lib64clamav5-0.94.2-0.1.20060mlcs4.x86_64.rpm
c506b06df4cb84b77d626525d5c05025 corporate/4.0/x86_64/lib64clamav-devel-0.94.2-0.1.20060mlcs4.x86_64.rpm
54d43f922df6e0ece09ec3c3ece7364a corporate/4.0/SRPMS/clamav-0.94.2-0.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJObfTmqjQ0CJFipgRAtM0AKCJYtlHyOIaSKU/vTnqy6euklannwCg4o9r
kxD6kNYfUfrH+9OQcCbhks0=
=HAZR
-----END PGP SIGNATURE-----