Mandriva 1273 Published by

The Mandriva Security Team published a new security update: MDKSA-2005:205 - Updated clamav packages fix multiple vulnerabilities for Mandriva Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:205
http://www.mandriva.com/security/
_______________________________________________________________________

Package : clamav
Date : November 7, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 3.0
_______________________________________________________________________

Problem Description:

A number of vulnerabilities were discovered in ClamAV versions prior
to 0.87.1:

The OLE2 unpacker in clamd allows remote attackers to cause a DoS
(segfault) via a DOC file with an invalid property tree (CVE-2005-3239)

The FSG unpacker allows remote attackers to cause "memory corruption"
and execute arbitrary code via a crafted FSG 1.33 file (CVE-2005-3303)

The tnef_attachment() function allows remote attackers to cause a DoS
(infinite loop and memory exhaustion) via a crafted value in a CAB file
that causes ClamAV to repeatedly scan the same block (CVE-2005-3500)

Remote attackers could cause a DoS (infinite loop) via a crafted CAB
file (CVE-2005-3501)

This update provides ClamAV 0.87.1 which corrects all of these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3501
_______________________________________________________________________

Updated Packages:

Mandriva Linux 10.1:
2c8a8799bda10e6695bc2ee6d1f76936 10.1/RPMS/clamav-0.87.1-0.1.101mdk.i586.rpm
6e31a793ae79cb40064c52fe64c11155 10.1/RPMS/clamav-db-0.87.1-0.1.101mdk.i586.rpm
e58b5816114176f8c4ff7984e5a8295e 10.1/RPMS/clamav-milter-0.87.1-0.1.101mdk.i586.rpm
d1604de5950ed1060c327cea79060546 10.1/RPMS/clamd-0.87.1-0.1.101mdk.i586.rpm
ca64314db8e86e57ba76c1c569058122 10.1/RPMS/libclamav1-0.87.1-0.1.101mdk.i586.rpm
c99ffb5b095e8e83acd218b679435c03 10.1/RPMS/libclamav1-devel-0.87.1-0.1.101mdk.i586.rpm
ecddf8805cbae3e8f52719d97af50290 10.1/SRPMS/clamav-0.87.1-0.1.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
f8df2fa1ec1538d3c691462ece32459e x86_64/10.1/RPMS/clamav-0.87.1-0.1.101mdk.x86_64.rpm
c8d3c45be5696671b4e968d923048250 x86_64/10.1/RPMS/clamav-db-0.87.1-0.1.101mdk.x86_64.rpm
5a1d8f5bf844b9d17fc6daeac3d9980f x86_64/10.1/RPMS/clamav-milter-0.87.1-0.1.101mdk.x86_64.rpm
f29cf94d9bf5aed77fed89b62c3a31bd x86_64/10.1/RPMS/clamd-0.87.1-0.1.101mdk.x86_64.rpm
af1d5f8be95f46fee78d441a9a9ef1d5 x86_64/10.1/RPMS/lib64clamav1-0.87.1-0.1.101mdk.x86_64.rpm
f6dd47c525bfda31472aeeb130b44b04 x86_64/10.1/RPMS/lib64clamav1-devel-0.87.1-0.1.101mdk.x86_64.rpm
ecddf8805cbae3e8f52719d97af50290 x86_64/10.1/SRPMS/clamav-0.87.1-0.1.101mdk.src.rpm

Mandriva Linux 10.2:
3da7284615847be748e0ee755ab56963 10.2/RPMS/clamav-0.87.1-0.1.102mdk.i586.rpm
cbe42a738a4008a559c56e51b9a6fe47 10.2/RPMS/clamav-db-0.87.1-0.1.102mdk.i586.rpm
1778a62fe729d77234ef1c1bde7f3cd0 10.2/RPMS/clamav-milter-0.87.1-0.1.102mdk.i586.rpm
ae2d916c80f50f5386bd70e06c0b2fd2 10.2/RPMS/clamd-0.87.1-0.1.102mdk.i586.rpm
d08c87436e20faf977f1ad059bc233b4 10.2/RPMS/libclamav1-0.87.1-0.1.102mdk.i586.rpm
74ee8b845b1c7a41ccdbf1c1e04591a5 10.2/RPMS/libclamav1-devel-0.87.1-0.1.102mdk.i586.rpm
dd72cdbb564bf27c8f745b198cdbc99f 10.2/SRPMS/clamav-0.87.1-0.1.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
10de2a9bf399f3a1c93732a9ef664664 x86_64/10.2/RPMS/clamav-0.87.1-0.1.102mdk.x86_64.rpm
0c87818d634084a023584d1c7146093f x86_64/10.2/RPMS/clamav-db-0.87.1-0.1.102mdk.x86_64.rpm
9ed0aaf9bf139c11a6641b073c35aecd x86_64/10.2/RPMS/clamav-milter-0.87.1-0.1.102mdk.x86_64.rpm
3c2d858b3fb039c735cb0cc0cb109e92 x86_64/10.2/RPMS/clamd-0.87.1-0.1.102mdk.x86_64.rpm
6b9d20e975ed97fc68f812189bfb86e8 x86_64/10.2/RPMS/lib64clamav1-0.87.1-0.1.102mdk.x86_64.rpm
4515067e6c33151d6555ed217914e696 x86_64/10.2/RPMS/lib64clamav1-devel-0.87.1-0.1.102mdk.x86_64.rpm
dd72cdbb564bf27c8f745b198cdbc99f x86_64/10.2/SRPMS/clamav-0.87.1-0.1.102mdk.src.rpm

Mandriva Linux 2006.0:
64044555942d783f59191af6bb051fe6 2006.0/RPMS/clamav-0.87.1-0.1.20060mdk.i586.rpm
3b090dc5a8a700c8dd58478201041384 2006.0/RPMS/clamav-db-0.87.1-0.1.20060mdk.i586.rpm
cffbc77a4bd7fec42d4807863d7b74f0 2006.0/RPMS/clamav-milter-0.87.1-0.1.20060mdk.i586.rpm
74bfb1f658a39d3989e14879467f3f22 2006.0/RPMS/clamd-0.87.1-0.1.20060mdk.i586.rpm
9ee1b202bc72d72d2ec743a96bb6cffa 2006.0/RPMS/libclamav1-0.87.1-0.1.20060mdk.i586.rpm
3c292c33d6386278dec59b4ea79a595b 2006.0/RPMS/libclamav1-devel-0.87.1-0.1.20060mdk.i586.rpm
6df60c1704c68f55c4340ef390031a45 2006.0/SRPMS/clamav-0.87.1-0.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
180c192924ea9682c6b9038b374b6b03 x86_64/2006.0/RPMS/clamav-0.87.1-0.1.20060mdk.x86_64.rpm
0c9f263914cda45b4ca018f11f955707 x86_64/2006.0/RPMS/clamav-db-0.87.1-0.1.20060mdk.x86_64.rpm
1df55cff65a82a0cf8f2aae8382f0887 x86_64/2006.0/RPMS/clamav-milter-0.87.1-0.1.20060mdk.x86_64.rpm
17355b44d623045954ef63674a1fc0c4 x86_64/2006.0/RPMS/clamd-0.87.1-0.1.20060mdk.x86_64.rpm
e8540c821cf357e1fe11658479a6f987 x86_64/2006.0/RPMS/lib64clamav1-0.87.1-0.1.20060mdk.x86_64.rpm
af0724e8ae0a0fe5da725a5ea715a590 x86_64/2006.0/RPMS/lib64clamav1-devel-0.87.1-0.1.20060mdk.x86_64.rpm
6df60c1704c68f55c4340ef390031a45 x86_64/2006.0/SRPMS/clamav-0.87.1-0.1.20060mdk.src.rpm

Corporate 3.0:
050c7d954ed3989ad4147a88249badeb corporate/3.0/RPMS/clamav-0.87.1-0.1.C30mdk.i586.rpm
a0d523b33847321b3d4e2bcb4871b1c7 corporate/3.0/RPMS/clamav-db-0.87.1-0.1.C30mdk.i586.rpm
8aaa9765087b36666aa3278f5a46d78e corporate/3.0/RPMS/clamav-milter-0.87.1-0.1.C30mdk.i586.rpm
58c653b2328ee65d7cdf1965db708e07 corporate/3.0/RPMS/clamd-0.87.1-0.1.C30mdk.i586.rpm
ab6e8b876b55c02e6eba1c81b64992d8 corporate/3.0/RPMS/libclamav1-0.87.1-0.1.C30mdk.i586.rpm
096b42b70415f52cbce650b0a89760aa corporate/3.0/RPMS/libclamav1-devel-0.87.1-0.1.C30mdk.i586.rpm
0645c9be8c4e7d4b1ec8afea8f19d394 corporate/3.0/SRPMS/clamav-0.87.1-0.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
5d6e4bf645c047e7336b2a6d9bbf400a x86_64/corporate/3.0/RPMS/clamav-0.87.1-0.1.C30mdk.x86_64.rpm
48c8a2961fa704d6953ea5889f105921 x86_64/corporate/3.0/RPMS/clamav-db-0.87.1-0.1.C30mdk.x86_64.rpm
da4c207e3c56196d847570bb29e1832b x86_64/corporate/3.0/RPMS/clamav-milter-0.87.1-0.1.C30mdk.x86_64.rpm
b75e29b3640c7751dd33deb67738d111 x86_64/corporate/3.0/RPMS/clamd-0.87.1-0.1.C30mdk.x86_64.rpm
a792a67e4ee111a62bfbadc509c3a9e4 x86_64/corporate/3.0/RPMS/lib64clamav1-0.87.1-0.1.C30mdk.x86_64.rpm
8d332c974aa7c208de3c1eb506f57f46 x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.87.1-0.1.C30mdk.x86_64.rpm
0645c9be8c4e7d4b1ec8afea8f19d394 x86_64/corporate/3.0/SRPMS/clamav-0.87.1-0.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDb/avmqjQ0CJFipgRAhxaAKCljzEjvPifL9QES8uwp30UfHUQ0gCdH0nW
v7gLyAOESkJBj2VLYmfFMIw=
=Smy7
-----END PGP SIGNATURE-----