-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:067 http://www.mandriva.com/security/ _______________________________________________________________________ Package : clamav Date : April 7, 2006 Affected: 10.2, 2006.0, Corporate 3.0 _______________________________________________________________________ Problem Description: Damian Put discovered an integer overflow in the PE header parser in ClamAV that could be exploited if the ArchiveMaxFileSize option was disabled (CVE-2006-1614). Format strings in the logging code could possibly lead to the execution of arbitrary code (CVE-2006-1615). David Luyer found that ClamAV could be tricked into an invalid memory access in the cli_bitset_set() function, which could lead to a Denial of Service (CVE-2006-1630). This update provides ClamAV 0.88.1 which corrects this issue and also fixes some other bugs. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1614 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1615 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1630 _______________________________________________________________________ Updated Packages: Mandriva Linux 10.2: 78af90cdd26037ecc4753cc223ef1b46 10.2/RPMS/clamav-0.88.1-0.1.102mdk.i586.rpm 386742ea0d3fa49e7d4116c883632c40 10.2/RPMS/clamav-db-0.88.1-0.1.102mdk.i586.rpm 162bac111e036526638c9556404f84ef 10.2/RPMS/clamav-milter-0.88.1-0.1.102mdk.i586.rpm 790cae6bca4f206d0d41ccdc9aab4172 10.2/RPMS/clamd-0.88.1-0.1.102mdk.i586.rpm f4ec987f6de8dbe0fa0a370a8513576c 10.2/RPMS/libclamav1-0.88.1-0.1.102mdk.i586.rpm 4cf47fde81840efb4c17e24181587fad 10.2/RPMS/libclamav1-devel-0.88.1-0.1.102mdk.i586.rpm 4ae4f91cb63670f018c84644685708d1 10.2/SRPMS/clamav-0.88.1-0.1.102mdk.src.rpm Mandriva Linux 10.2/X86_64: d67ab22811cc7329d889fd2953ff98e4 x86_64/10.2/RPMS/clamav-0.88.1-0.1.102mdk.x86_64.rpm 1750f5d9e63d9e37a170114cee64fe7f x86_64/10.2/RPMS/clamav-db-0.88.1-0.1.102mdk.x86_64.rpm 28310e3fb5eba18cb1312591ee94b747 x86_64/10.2/RPMS/clamav-milter-0.88.1-0.1.102mdk.x86_64.rpm afa8503930c109873deb561d0bf19637 x86_64/10.2/RPMS/clamd-0.88.1-0.1.102mdk.x86_64.rpm 90b6e2108b96abc940309dbdf277c15b x86_64/10.2/RPMS/lib64clamav1-0.88.1-0.1.102mdk.x86_64.rpm 53b7e0d8aa707a2679121c1ee3e3a68d x86_64/10.2/RPMS/lib64clamav1-devel-0.88.1-0.1.102mdk.x86_64.rpm 4ae4f91cb63670f018c84644685708d1 x86_64/10.2/SRPMS/clamav-0.88.1-0.1.102mdk.src.rpm Mandriva Linux 2006.0: 604deb9acc669892e83889e21003da72 2006.0/RPMS/clamav-0.88.1-0.1.20060mdk.i586.rpm 130c0cd5592f794dff01c816da87a22c 2006.0/RPMS/clamav-db-0.88.1-0.1.20060mdk.i586.rpm c70b05eb926c8de70e8c61404ffe878d 2006.0/RPMS/clamav-milter-0.88.1-0.1.20060mdk.i586.rpm 744662b01972ca7d4e8cf319778f5e70 2006.0/RPMS/clamd-0.88.1-0.1.20060mdk.i586.rpm b33e83e43cf31b1cf8b01d4ae0140cb6 2006.0/RPMS/libclamav1-0.88.1-0.1.20060mdk.i586.rpm 494e3c588012bb49c7539379a1ed7d04 2006.0/RPMS/libclamav1-devel-0.88.1-0.1.20060mdk.i586.rpm ee0dad2e6693a49018772d523b31caf7 2006.0/SRPMS/clamav-0.88.1-0.1.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 9ed21b8dfaf3cc0e97642c01a60cb77e x86_64/2006.0/RPMS/clamav-0.88.1-0.1.20060mdk.x86_64.rpm 6c9774f949aa4d6543fe73465fa18fd3 x86_64/2006.0/RPMS/clamav-db-0.88.1-0.1.20060mdk.x86_64.rpm 7da7ff8ca78611296e2a9deeb13f3c21 x86_64/2006.0/RPMS/clamav-milter-0.88.1-0.1.20060mdk.x86_64.rpm 0cdd6ea74f17fb4179d86005a0ee74a0 x86_64/2006.0/RPMS/clamd-0.88.1-0.1.20060mdk.x86_64.rpm e029708922271f57d28fb04fbfbc670e x86_64/2006.0/RPMS/lib64clamav1-0.88.1-0.1.20060mdk.x86_64.rpm 0c6075c66b0fc5aa791d661e4b356f7e x86_64/2006.0/RPMS/lib64clamav1-devel-0.88.1-0.1.20060mdk.x86_64.rpm ee0dad2e6693a49018772d523b31caf7 x86_64/2006.0/SRPMS/clamav-0.88.1-0.1.20060mdk.src.rpm Corporate 3.0: 338f4fde8dc1b3c025a0aafe7e3f1d16 corporate/3.0/RPMS/clamav-0.88.1-0.1.C30mdk.i586.rpm 0b103f86de58322decb7eab357ae8303 corporate/3.0/RPMS/clamav-db-0.88.1-0.1.C30mdk.i586.rpm 872ff963443a695f7339925e17751fb4 corporate/3.0/RPMS/clamav-milter-0.88.1-0.1.C30mdk.i586.rpm 4398815889ab571ef8a88aaa1cd96d0c corporate/3.0/RPMS/clamd-0.88.1-0.1.C30mdk.i586.rpm 422f5145947d02532671885b115a6ef6 corporate/3.0/RPMS/libclamav1-0.88.1-0.1.C30mdk.i586.rpm 8b14d93a15408fb129c66d1395c3595c corporate/3.0/RPMS/libclamav1-devel-0.88.1-0.1.C30mdk.i586.rpm ad723ef00c23c3b8c36be5aee40abb15 corporate/3.0/SRPMS/clamav-0.88.1-0.1.C30mdk.src.rpm Corporate 3.0/X86_64: 01fd41e817e1d96789b1b9dc43cbd760 x86_64/corporate/3.0/RPMS/clamav-0.88.1-0.1.C30mdk.x86_64.rpm 434648110ef5603f85049ae02e44b7e4 x86_64/corporate/3.0/RPMS/clamav-db-0.88.1-0.1.C30mdk.x86_64.rpm 10a1d45e5d53d170112b1698fcdb66ba x86_64/corporate/3.0/RPMS/clamav-milter-0.88.1-0.1.C30mdk.x86_64.rpm c1f38d2e0d753997b096c5e0fbf4f575 x86_64/corporate/3.0/RPMS/clamd-0.88.1-0.1.C30mdk.x86_64.rpm b1bd0032ab359f4a25b48675df76e1be x86_64/corporate/3.0/RPMS/lib64clamav1-0.88.1-0.1.C30mdk.x86_64.rpm bc9dfa91d651edaf6957def3c502ec21 x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.88.1-0.1.C30mdk.x86_64.rpm ad723ef00c23c3b8c36be5aee40abb15 x86_64/corporate/3.0/SRPMS/clamav-0.88.1-0.1.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFENquymqjQ0CJFipgRAv1PAKDWy48nobAGlEt7Zy8IYnosPSt52ACgj2jv itI9Qf3vHSG+ead8P1Sjzvc= =Nzey -----END PGP SIGNATURE-----
