-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:115 http://www.mandriva.com/security/ _______________________________________________________________________ Package : clamav Date : June 4, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A vulnerability in the OLE2 parser in ClamAV was found that could allow a remote attacker to cause a denial of service via resource consumption with a carefully crafted OLE2 file. Other vulnerabilities and bugs have also been corrected in 0.90.3 which is being provided with this update. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2650 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 8f807a16b18ddd17fdcbbf563f0b225c 2007.0/i586/clamav-0.90.3-0.1mdv2007.0.i586.rpm afcb2de5f26cc1fc07499cea6e5f4ffd 2007.0/i586/clamav-db-0.90.3-0.1mdv2007.0.i586.rpm 3ea7af875ea79a1efb2aec03e4e70e7e 2007.0/i586/clamav-milter-0.90.3-0.1mdv2007.0.i586.rpm 498a8e05cb31451382562c22dd8c6ca8 2007.0/i586/clamd-0.90.3-0.1mdv2007.0.i586.rpm 90cecf4adbf717672b54e5a18250447d 2007.0/i586/clamdmon-0.90.3-0.1mdv2007.0.i586.rpm 4c2b036b761d67aef27349f3bf6de11d 2007.0/i586/libclamav2-0.90.3-0.1mdv2007.0.i586.rpm 667c354d70642e8663edd469506fb488 2007.0/i586/libclamav2-devel-0.90.3-0.1mdv2007.0.i586.rpm e472e368da522072b20a7773f4db5d22 2007.0/SRPMS/clamav-0.90.3-0.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 15636a6d8f3fd6537350b0a1b67741c3 2007.0/x86_64/clamav-0.90.3-0.1mdv2007.0.x86_64.rpm 097ede19d694a7f2d8d103bd16f9864b 2007.0/x86_64/clamav-db-0.90.3-0.1mdv2007.0.x86_64.rpm 68ebe1e39a0b25211e6c9dbeddcdefa6 2007.0/x86_64/clamav-milter-0.90.3-0.1mdv2007.0.x86_64.rpm f0bd264bfdadc816759a438308b82cd7 2007.0/x86_64/clamd-0.90.3-0.1mdv2007.0.x86_64.rpm 30b6eb173aa40c39b6cd191433387a26 2007.0/x86_64/clamdmon-0.90.3-0.1mdv2007.0.x86_64.rpm 5164562d6affcacc64ade14d3acd23cd 2007.0/x86_64/lib64clamav2-0.90.3-0.1mdv2007.0.x86_64.rpm b86a1162638401a101a08b52689df150 2007.0/x86_64/lib64clamav2-devel-0.90.3-0.1mdv2007.0.x86_64.rpm e472e368da522072b20a7773f4db5d22 2007.0/SRPMS/clamav-0.90.3-0.1mdv2007.0.src.rpm Mandriva Linux 2007.1: 378ad782e37e018e1e553d7c351ea358 2007.1/i586/clamav-0.90.3-0.1mdv2007.1.i586.rpm d083214002090ae15d36c9463c78c29c 2007.1/i586/clamav-db-0.90.3-0.1mdv2007.1.i586.rpm 5316d47473a5c284f40fdb21c08b9d28 2007.1/i586/clamav-milter-0.90.3-0.1mdv2007.1.i586.rpm ff430af11f2ba37bbcb521f93d71030a 2007.1/i586/clamd-0.90.3-0.1mdv2007.1.i586.rpm ab9cac6d55dc192b5ffcaa5f356f6821 2007.1/i586/clamdmon-0.90.3-0.1mdv2007.1.i586.rpm 06daf5c409b7931ca02e88f85048225a 2007.1/i586/libclamav2-0.90.3-0.1mdv2007.1.i586.rpm eb59ec3314ae85a0a2c400d725c1d984 2007.1/i586/libclamav2-devel-0.90.3-0.1mdv2007.1.i586.rpm 22132cc15d14520edd635019d06b874e 2007.1/SRPMS/clamav-0.90.3-0.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 03d79b409aa5c87570222a600ac92915 2007.1/x86_64/clamav-0.90.3-0.1mdv2007.1.x86_64.rpm 7cb3f180fa1bfc6cdaae4a7ae4088dc2 2007.1/x86_64/clamav-db-0.90.3-0.1mdv2007.1.x86_64.rpm 850deaafd4bb64b4c6a35772fffbd369 2007.1/x86_64/clamav-milter-0.90.3-0.1mdv2007.1.x86_64.rpm 9f3e3f88497ce3b769f5f6f7e05fd8ca 2007.1/x86_64/clamd-0.90.3-0.1mdv2007.1.x86_64.rpm 6f38934bee43286ecf2b8f7049c6dd1f 2007.1/x86_64/clamdmon-0.90.3-0.1mdv2007.1.x86_64.rpm 94f315377e8f33b936fff253eaa4e847 2007.1/x86_64/lib64clamav2-0.90.3-0.1mdv2007.1.x86_64.rpm c7c1458f005b09c23bb2affb7b9aae0c 2007.1/x86_64/lib64clamav2-devel-0.90.3-0.1mdv2007.1.x86_64.rpm 22132cc15d14520edd635019d06b874e 2007.1/SRPMS/clamav-0.90.3-0.1mdv2007.1.src.rpm Corporate 3.0: d173ea9451a336aa56e834f1cd3d4882 corporate/3.0/i586/clamav-0.90.3-0.1.C30mdk.i586.rpm 2694fbbd622a5b312a523bc16993ff1c corporate/3.0/i586/clamav-db-0.90.3-0.1.C30mdk.i586.rpm 647afdc7fcec85cc9190e2680b35000c corporate/3.0/i586/clamav-milter-0.90.3-0.1.C30mdk.i586.rpm 2646c5e3f81c8d0b35229205bbba5344 corporate/3.0/i586/clamd-0.90.3-0.1.C30mdk.i586.rpm bfd73b522c6d7cda7e7dd995a6e7e79b corporate/3.0/i586/clamdmon-0.90.3-0.1.C30mdk.i586.rpm aeca41b4f44f1f7ccbee306816f34259 corporate/3.0/i586/libclamav2-0.90.3-0.1.C30mdk.i586.rpm 78e8398b8f4b8663b0a0684acd6bd938 corporate/3.0/i586/libclamav2-devel-0.90.3-0.1.C30mdk.i586.rpm 3bdca91be114543785b82ff8da904c16 corporate/3.0/SRPMS/clamav-0.90.3-0.1.C30mdk.src.rpm Corporate 3.0/X86_64: 9d3ee2af6dbb5595bdbb1db33344bda5 corporate/3.0/x86_64/clamav-0.90.3-0.1.C30mdk.x86_64.rpm 22b70bcf86a90f84702f722a5eb5dbf1 corporate/3.0/x86_64/clamav-db-0.90.3-0.1.C30mdk.x86_64.rpm 6b9e3874400f1417318cac606a13bdec corporate/3.0/x86_64/clamav-milter-0.90.3-0.1.C30mdk.x86_64.rpm e18e2aab82234f1d6c4441e20fea15f0 corporate/3.0/x86_64/clamd-0.90.3-0.1.C30mdk.x86_64.rpm 0deb01240f12850c04b68e1b664fbb6a corporate/3.0/x86_64/clamdmon-0.90.3-0.1.C30mdk.x86_64.rpm e47416fc1e17beb2b99b804181272c79 corporate/3.0/x86_64/lib64clamav2-0.90.3-0.1.C30mdk.x86_64.rpm 5c90229eb99e94aa932fb33290ec555b corporate/3.0/x86_64/lib64clamav2-devel-0.90.3-0.1.C30mdk.x86_64.rpm 3bdca91be114543785b82ff8da904c16 corporate/3.0/SRPMS/clamav-0.90.3-0.1.C30mdk.src.rpm Corporate 4.0: a21c2b1fb87e9fffacd85820727e2ffe corporate/4.0/i586/clamav-0.90.3-0.1.20060mlcs4.i586.rpm a7ae50da3c78dde47323fec240aa36d3 corporate/4.0/i586/clamav-db-0.90.3-0.1.20060mlcs4.i586.rpm 8ec25cea1228b0ba1bf15c9eea095de3 corporate/4.0/i586/clamav-milter-0.90.3-0.1.20060mlcs4.i586.rpm c8dfe521c3578b1df2d1e0a2c5e71e4f corporate/4.0/i586/clamd-0.90.3-0.1.20060mlcs4.i586.rpm 32dfdd00de21829792926c8c004f3cde corporate/4.0/i586/clamdmon-0.90.3-0.1.20060mlcs4.i586.rpm 23849d5c8ab87ba99e746e4b3f28542c corporate/4.0/i586/libclamav2-0.90.3-0.1.20060mlcs4.i586.rpm 8fc0841ab5d68e340e1fbe1289b407bb corporate/4.0/i586/libclamav2-devel-0.90.3-0.1.20060mlcs4.i586.rpm 0b3f79671ad392182f4dbc810862565f corporate/4.0/SRPMS/clamav-0.90.3-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 8ad7c2d47152f95df1a85603bed0ed6f corporate/4.0/x86_64/clamav-0.90.3-0.1.20060mlcs4.x86_64.rpm ee676819dcdcc147f4464892751113a6 corporate/4.0/x86_64/clamav-db-0.90.3-0.1.20060mlcs4.x86_64.rpm 4e6f85c45c5acad11628a2f6246ddd7c corporate/4.0/x86_64/clamav-milter-0.90.3-0.1.20060mlcs4.x86_64.rpm a1fe3eb1c616bd40f0d289a1ba17969d corporate/4.0/x86_64/clamd-0.90.3-0.1.20060mlcs4.x86_64.rpm d982b68a08dd7937518a2586ec01f0d7 corporate/4.0/x86_64/clamdmon-0.90.3-0.1.20060mlcs4.x86_64.rpm 31b0aa61a5c53209d9958b99118fbc44 corporate/4.0/x86_64/lib64clamav2-0.90.3-0.1.20060mlcs4.x86_64.rpm dc14036a8b0862eff5db9da5f6622c87 corporate/4.0/x86_64/lib64clamav2-devel-0.90.3-0.1.20060mlcs4.x86_64.rpm 0b3f79671ad392182f4dbc810862565f corporate/4.0/SRPMS/clamav-0.90.3-0.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGZIvVmqjQ0CJFipgRAqKFAJ9NN5N1g9d5BVPImqTEpuNLuCWE3gCgnQZH nA89R8r/ADEJybA3wf+crQ0= =Y8wF -----END PGP SIGNATURE-----
