Home / vulnerabilitiesPDF  

MDVSA-2008-122.txt

Posted on 24 June 2008
Source : packetstormsecurity.org Link

 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:122
http://www.mandriva.com/security/
_______________________________________________________________________

Package : clamav
Date : June 24, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered in ClamAV and corrected with the
0.93.1 release:

libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers
to cause a denial of service via a crafted Petite file that triggers
an out-of-bounds read. (CVE-2008-2713)

Other bugs have also been corrected in 0.93.1 which is being provided
with this update.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2713
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.1:
d6e6d5fd080ce50027ef69af38f44a50 2007.1/i586/clamav-0.93.1-1.1mdv2007.1.i586.rpm
91e412d5f2b30b49fddb09104ddf6bad 2007.1/i586/clamav-db-0.93.1-1.1mdv2007.1.i586.rpm
c396b6cced87ba57938da86a79e63469 2007.1/i586/clamav-milter-0.93.1-1.1mdv2007.1.i586.rpm
d79020b041aa6a7956348c799f0e0f8b 2007.1/i586/clamd-0.93.1-1.1mdv2007.1.i586.rpm
b4c74f702d97e569c4ac3350b5216246 2007.1/i586/libclamav4-0.93.1-1.1mdv2007.1.i586.rpm
9481877bd226e02ea263df47535d685f 2007.1/i586/libclamav-devel-0.93.1-1.1mdv2007.1.i586.rpm
bfeb68ce738cc1c44c89e2e84774a7f6 2007.1/SRPMS/clamav-0.93.1-1.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
dc70398b743d54094b2c9307686de01d 2007.1/x86_64/clamav-0.93.1-1.1mdv2007.1.x86_64.rpm
5860690f58edb1c7f0a78a46fbb881ed 2007.1/x86_64/clamav-db-0.93.1-1.1mdv2007.1.x86_64.rpm
a23d6ad5a58dab98d12c93e95d1fdfe9 2007.1/x86_64/clamav-milter-0.93.1-1.1mdv2007.1.x86_64.rpm
e3be58ba2ce45b05274471a177ef2c6b 2007.1/x86_64/clamd-0.93.1-1.1mdv2007.1.x86_64.rpm
0f747e4fe79afc573c739cfc4fba3604 2007.1/x86_64/lib64clamav4-0.93.1-1.1mdv2007.1.x86_64.rpm
d7e202d2f083f1a7672380486eddb63f 2007.1/x86_64/lib64clamav-devel-0.93.1-1.1mdv2007.1.x86_64.rpm
bfeb68ce738cc1c44c89e2e84774a7f6 2007.1/SRPMS/clamav-0.93.1-1.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:
58ebbfd98e8a588581fe00ecb872fc27 2008.0/i586/clamav-0.93.1-1.1mdv2008.0.i586.rpm
33b0fdde3505f6a3e64790ae8d49c131 2008.0/i586/clamav-db-0.93.1-1.1mdv2008.0.i586.rpm
318c705eadeb8d0ae72fb997b1b652d9 2008.0/i586/clamav-milter-0.93.1-1.1mdv2008.0.i586.rpm
a5bcba636bc5a0abb93a6bb62f9666dc 2008.0/i586/clamd-0.93.1-1.1mdv2008.0.i586.rpm
36fe2a64f4dd63b6787587cee1d2f6d7 2008.0/i586/libclamav4-0.93.1-1.1mdv2008.0.i586.rpm
64e7f239d476d967e744ec98e8bbaaaf 2008.0/i586/libclamav-devel-0.93.1-1.1mdv2008.0.i586.rpm
31794216eeb43c8acde7f66c3c90a407 2008.0/SRPMS/clamav-0.93.1-1.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
841b6933ced6c1bcb4d8df1fe09d9e30 2008.0/x86_64/clamav-0.93.1-1.1mdv2008.0.x86_64.rpm
773e720c69159676e8187f132c447a51 2008.0/x86_64/clamav-db-0.93.1-1.1mdv2008.0.x86_64.rpm
1473b1bd46f2d266b9b426cc08c3bd11 2008.0/x86_64/clamav-milter-0.93.1-1.1mdv2008.0.x86_64.rpm
67665907f1716da0c3d4e31728d2a26d 2008.0/x86_64/clamd-0.93.1-1.1mdv2008.0.x86_64.rpm
5706994b50ed7b5703b1b455b91d1ee1 2008.0/x86_64/lib64clamav4-0.93.1-1.1mdv2008.0.x86_64.rpm
cfa7bd1e44c43ecdece379b08baa42d5 2008.0/x86_64/lib64clamav-devel-0.93.1-1.1mdv2008.0.x86_64.rpm
31794216eeb43c8acde7f66c3c90a407 2008.0/SRPMS/clamav-0.93.1-1.1mdv2008.0.src.rpm

Mandriva Linux 2008.1:
bfb1edc3b761c6d630fb1e4bc5a21684 2008.1/i586/clamav-0.93.1-1.1mdv2008.1.i586.rpm
0b2bde219f099d8ee612b6ba3578b729 2008.1/i586/clamav-db-0.93.1-1.1mdv2008.1.i586.rpm
c7a28b464db932b55ee6ea2b37ffa801 2008.1/i586/clamav-milter-0.93.1-1.1mdv2008.1.i586.rpm
f5516462a89259bb2720872cbff8a773 2008.1/i586/clamd-0.93.1-1.1mdv2008.1.i586.rpm
4075f7b927cc5a2782170fa189d4061c 2008.1/i586/libclamav4-0.93.1-1.1mdv2008.1.i586.rpm
b2cac58aa4c6fa30f51f253a1d76d73c 2008.1/i586/libclamav-devel-0.93.1-1.1mdv2008.1.i586.rpm
bbcef70312d273a5d64396f547a1b267 2008.1/SRPMS/clamav-0.93.1-1.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
25954d96b34972f1eff9f8d5d6131070 2008.1/x86_64/clamav-0.93.1-1.1mdv2008.1.x86_64.rpm
7f80d7579e298971e218a2b7c55fadd1 2008.1/x86_64/clamav-db-0.93.1-1.1mdv2008.1.x86_64.rpm
d7b71a1ac5d4776175f54085843e86ff 2008.1/x86_64/clamav-milter-0.93.1-1.1mdv2008.1.x86_64.rpm
417cc63a86c768f3746c61c6ac2ec756 2008.1/x86_64/clamd-0.93.1-1.1mdv2008.1.x86_64.rpm
897c52373d843fd8d6913b190008755d 2008.1/x86_64/lib64clamav4-0.93.1-1.1mdv2008.1.x86_64.rpm
53498a5bcac565ef5bde747fb777a02f 2008.1/x86_64/lib64clamav-devel-0.93.1-1.1mdv2008.1.x86_64.rpm
bbcef70312d273a5d64396f547a1b267 2008.1/SRPMS/clamav-0.93.1-1.1mdv2008.1.src.rpm

Corporate 3.0:
f0dba56ce30fe45c3182fef7aabeb78a corporate/3.0/i586/clamav-0.93.1-0.1.C30mdk.i586.rpm
b2b6b6e8115fb26f1dcbf5d91c964c43 corporate/3.0/i586/clamav-db-0.93.1-0.1.C30mdk.i586.rpm
8d9abd25a8a10f1a997371773643baae corporate/3.0/i586/clamav-milter-0.93.1-0.1.C30mdk.i586.rpm
19180f2835b6fc0d45bc141a71c16f5e corporate/3.0/i586/clamd-0.93.1-0.1.C30mdk.i586.rpm
f5fd464df26d56eef9871e389e303961 corporate/3.0/i586/libclamav4-0.93.1-0.1.C30mdk.i586.rpm
45018ae43f0ae03f792c92ff9a461063 corporate/3.0/i586/libclamav-devel-0.93.1-0.1.C30mdk.i586.rpm
c04af720f4cd7977ce56fd8df74aa760 corporate/3.0/SRPMS/clamav-0.93.1-0.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
7c90dbfd62be67c5b80a66851c850115 corporate/3.0/x86_64/clamav-0.93.1-0.1.C30mdk.x86_64.rpm
9de87454215778b01cf19d28c7f12455 corporate/3.0/x86_64/clamav-db-0.93.1-0.1.C30mdk.x86_64.rpm
44fa657f08f4002c57a6e285a707fe9a corporate/3.0/x86_64/clamav-milter-0.93.1-0.1.C30mdk.x86_64.rpm
dc400142582e2a71c457b5ebc0910d7d corporate/3.0/x86_64/clamd-0.93.1-0.1.C30mdk.x86_64.rpm
6b1b886bc76a5d74bbce14b940cfc041 corporate/3.0/x86_64/lib64clamav4-0.93.1-0.1.C30mdk.x86_64.rpm
38209d7e42fee1ed11b546d3051e9469 corporate/3.0/x86_64/lib64clamav-devel-0.93.1-0.1.C30mdk.x86_64.rpm
c04af720f4cd7977ce56fd8df74aa760 corporate/3.0/SRPMS/clamav-0.93.1-0.1.C30mdk.src.rpm

Corporate 4.0:
60f05b344ae9cce445e0dca85ab2c81e corporate/4.0/i586/clamav-0.93.1-0.1.20060mlcs4.i586.rpm
bf703aa241b7f4b6bb6d8c7c3ebe3ea1 corporate/4.0/i586/clamav-db-0.93.1-0.1.20060mlcs4.i586.rpm
380accf13269177a90345c43f5747493 corporate/4.0/i586/clamav-milter-0.93.1-0.1.20060mlcs4.i586.rpm
f07c62afc0fae6bef7b70c1a8ff41bff corporate/4.0/i586/clamd-0.93.1-0.1.20060mlcs4.i586.rpm
c320f5224c4c58a7cbc4e089c6ccd23c corporate/4.0/i586/libclamav4-0.93.1-0.1.20060mlcs4.i586.rpm
85bf45fcda26e4604c805dda06525949 corporate/4.0/i586/libclamav-devel-0.93.1-0.1.20060mlcs4.i586.rpm
4aed1ebe1a76e5ab5b82f7a473089f16 corporate/4.0/SRPMS/clamav-0.93.1-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
4ec940e0deecd0ee8e1d40e6e3677f7e corporate/4.0/x86_64/clamav-0.93.1-0.1.20060mlcs4.x86_64.rpm
93b41555ee924c7d121e2c1bf45cd197 corporate/4.0/x86_64/clamav-db-0.93.1-0.1.20060mlcs4.x86_64.rpm
704f979eb6e9685ea75e3b4f68006cd9 corporate/4.0/x86_64/clamav-milter-0.93.1-0.1.20060mlcs4.x86_64.rpm
6d77b053863261b147cfbba7a769cedc corporate/4.0/x86_64/clamd-0.93.1-0.1.20060mlcs4.x86_64.rpm
6920e123961a36b004938ba3356a3875 corporate/4.0/x86_64/lib64clamav4-0.93.1-0.1.20060mlcs4.x86_64.rpm
a63edc2a6f9e36bdfb372baa0c2eab99 corporate/4.0/x86_64/lib64clamav-devel-0.93.1-0.1.20060mlcs4.x86_64.rpm
4aed1ebe1a76e5ab5b82f7a473089f16 corporate/4.0/SRPMS/clamav-0.93.1-0.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIYRxRmqjQ0CJFipgRAu/IAJ0dVKtK+0T0C9izy9ZwAoNNqnqm0QCeL0Yz
+ycX4AzT0q2FQrJAj70RJbU=
=/9gL
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

 

TOP