Mandriva Linux Security Advisory - An integer overflow vulnerability was reported by iDefense with clamav when parsing Portable Executable (PE) files packed in the MEW format. This could be exploited to cause a heap-based buffer overflow. Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files. As well, an unspecified vulnerability related to the bzip2 decompression algorithm was also discovered.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:003
http://www.mandriva.com/security/
_______________________________________________________________________
Package : clamav
Date : January 8, 2008
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
An integer overflow vulnerability was reported by iDefense with clamav
when parsing Portable Executable (PE) files packed in the MEW format.
This could be exploited to cause a heap-based buffer overflow
(CVE-2007-6335).
Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP
compressed CAB files (CVE-2007-6336).
As well, an unspecified vulnerability related to the bzip2
decompression algorithm was also discovered (CVE-2007-6337).
Other bugs have also been corrected in 0.92 which is being provided
with this update. Because this new version has increased the major
version of the libclamav library, updated dependent packages are also
being provided.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6337
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
fc1ed2d6d7e2fa61e004fd494422e22f 2007.0/i586/clamav-0.92-1.2mdv2007.0.i586.rpm
0a7dfdfcdc80018d86f8bae73765eb92 2007.0/i586/clamav-db-0.92-1.2mdv2007.0.i586.rpm
ab2486ddadf2802c9e78430abb4e58fb 2007.0/i586/clamav-milter-0.92-1.2mdv2007.0.i586.rpm
d2194bbac627a8acafd970db80e20412 2007.0/i586/clamd-0.92-1.2mdv2007.0.i586.rpm
399a07092d1d78854d632dbe9817d6a5 2007.0/i586/clamdmon-0.92-1.2mdv2007.0.i586.rpm
47decdf9abd2202411c491e894c79929 2007.0/i586/klamav-0.41-1.2mdv2007.0.i586.rpm
1d943cf9dee68ffa180a71d858a70380 2007.0/i586/libclamav-devel-0.92-1.2mdv2007.0.i586.rpm
d989f8d8b42469a13a6d5fc2688bc9b2 2007.0/i586/libclamav3-0.92-1.2mdv2007.0.i586.rpm
62bfa2e660093513501a33789363d460 2007.0/SRPMS/clamav-0.92-1.2mdv2007.0.src.rpm
55e28787b08fb04beff3116e7f8d6493 2007.0/SRPMS/klamav-0.41-1.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
95f5232dc3753516030e8535729ab255 2007.0/x86_64/clamav-0.92-1.2mdv2007.0.x86_64.rpm
e7cebecea23dd203d52d179bf4d134cf 2007.0/x86_64/clamav-db-0.92-1.2mdv2007.0.x86_64.rpm
ef628aa8fe5942d46aa744732506deed 2007.0/x86_64/clamav-milter-0.92-1.2mdv2007.0.x86_64.rpm
183e54911edb0cc44973a8fd536637b0 2007.0/x86_64/clamd-0.92-1.2mdv2007.0.x86_64.rpm
b4518d6bb8613c99a790fe7f38b137c8 2007.0/x86_64/clamdmon-0.92-1.2mdv2007.0.x86_64.rpm
42f54d20f5532e816129b31cf60413a9 2007.0/x86_64/klamav-0.41-1.2mdv2007.0.x86_64.rpm
a50b759ceb63183e37f5763b4d1bd717 2007.0/x86_64/lib64clamav-devel-0.92-1.2mdv2007.0.x86_64.rpm
dafdf9a64ead071f9f04bdf2d4a58e6e 2007.0/x86_64/lib64clamav3-0.92-1.2mdv2007.0.x86_64.rpm
62bfa2e660093513501a33789363d460 2007.0/SRPMS/clamav-0.92-1.2mdv2007.0.src.rpm
55e28787b08fb04beff3116e7f8d6493 2007.0/SRPMS/klamav-0.41-1.2mdv2007.0.src.rpm
Mandriva Linux 2007.1:
98d49b30e7a6b938af5aaef9a472a25c 2007.1/i586/clamav-0.92-1.2mdv2007.1.i586.rpm
9bfdaad1a14b3565be36864193ce9840 2007.1/i586/clamav-db-0.92-1.2mdv2007.1.i586.rpm
4ad6c52459606908986826259d17fa4e 2007.1/i586/clamav-milter-0.92-1.2mdv2007.1.i586.rpm
bfe81d6d31909889f4a1f9822c6f3c87 2007.1/i586/clamd-0.92-1.2mdv2007.1.i586.rpm
77591c75d6176061fa120ad5b5329846 2007.1/i586/clamdmon-0.92-1.2mdv2007.1.i586.rpm
66939dc58639cc283cd4809719379100 2007.1/i586/klamav-0.41-2.1mdv2007.1.i586.rpm
cf7e4f222f7b1992174c52fc9fa5e5e2 2007.1/i586/libclamav-devel-0.92-1.2mdv2007.1.i586.rpm
405f62a1609dc6c8ea527bf2479030c1 2007.1/i586/libclamav3-0.92-1.2mdv2007.1.i586.rpm
b07c73a90d19f1a9d4c34cb586a51d0b 2007.1/SRPMS/clamav-0.92-1.2mdv2007.1.src.rpm
45f42d28eb80611716a514aeed60b147 2007.1/SRPMS/klamav-0.41-2.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
0ce7b6c2cc03b1a06812eaa8666a69d7 2007.1/x86_64/clamav-0.92-1.2mdv2007.1.x86_64.rpm
1d5785bb027b8f554d736b6b480755c2 2007.1/x86_64/clamav-db-0.92-1.2mdv2007.1.x86_64.rpm
721eeabf6bc31ac026af9a8971a010ee 2007.1/x86_64/clamav-milter-0.92-1.2mdv2007.1.x86_64.rpm
9d275b05f19ab0fbf8a294345aaf2d46 2007.1/x86_64/clamd-0.92-1.2mdv2007.1.x86_64.rpm
a20c0c41cdd1fb2a68e157eb7b9c6c37 2007.1/x86_64/clamdmon-0.92-1.2mdv2007.1.x86_64.rpm
18d5c2a141e17b054b87d98534c18820 2007.1/x86_64/klamav-0.41-2.1mdv2007.1.x86_64.rpm
bfc5e7ef4a1445d2f529dbd57aec9440 2007.1/x86_64/lib64clamav-devel-0.92-1.2mdv2007.1.x86_64.rpm
1284fd4541adfb80164a40a17bd367c4 2007.1/x86_64/lib64clamav3-0.92-1.2mdv2007.1.x86_64.rpm
b07c73a90d19f1a9d4c34cb586a51d0b 2007.1/SRPMS/clamav-0.92-1.2mdv2007.1.src.rpm
45f42d28eb80611716a514aeed60b147 2007.1/SRPMS/klamav-0.41-2.1mdv2007.1.src.rpm
Mandriva Linux 2008.0:
6845c3727edd9c4cd40ab453433b23de 2008.0/i586/clamav-0.92-1.2mdv2008.0.i586.rpm
be3ee6e6a5507432295ab884b28dd963 2008.0/i586/clamav-db-0.92-1.2mdv2008.0.i586.rpm
b75df65dda486cbff50a07dfc5f67053 2008.0/i586/clamav-milter-0.92-1.2mdv2008.0.i586.rpm
d6c5d54b74df8ad54c8c0166a5dfca5a 2008.0/i586/clamd-0.92-1.2mdv2008.0.i586.rpm
99690d8f46e628ced3d7511c3961d8c8 2008.0/i586/clamdmon-0.92-1.2mdv2008.0.i586.rpm
a761c21b0b0132567e45e005f4b46d59 2008.0/i586/klamav-0.41.1-2.1mdv2008.0.i586.rpm
1eca36b7674292f957de5c7809ef7c8f 2008.0/i586/libclamav-devel-0.92-1.2mdv2008.0.i586.rpm
3b593a73a49128450d7dd0b55d379c87 2008.0/i586/libclamav3-0.92-1.2mdv2008.0.i586.rpm
51dc9ab3b42c323547d03de5db226a84 2008.0/SRPMS/clamav-0.92-1.2mdv2008.0.src.rpm
4257ab503f00c056db9e2d2ec5be92d7 2008.0/SRPMS/klamav-0.41.1-2.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
cde28a6c10e4e649fdc2e76a3c058190 2008.0/x86_64/clamav-0.92-1.2mdv2008.0.x86_64.rpm
cddc66f6bf586632b3b6372a55dd01d9 2008.0/x86_64/clamav-db-0.92-1.2mdv2008.0.x86_64.rpm
0f55d2cd2560725241a599eaf4473b16 2008.0/x86_64/clamav-milter-0.92-1.2mdv2008.0.x86_64.rpm
91c0c8d9a951437a31dce3de060e948e 2008.0/x86_64/clamd-0.92-1.2mdv2008.0.x86_64.rpm
835e414799fd885acb37697e7a94a0ac 2008.0/x86_64/clamdmon-0.92-1.2mdv2008.0.x86_64.rpm
c4bb62543906bd0685ef3dedbd1d1eed 2008.0/x86_64/klamav-0.41.1-2.1mdv2008.0.x86_64.rpm
013062a449726abcdb0e6ac69c0932d1 2008.0/x86_64/lib64clamav-devel-0.92-1.2mdv2008.0.x86_64.rpm
f6b532ea61bf4213123804b00b7e0d40 2008.0/x86_64/lib64clamav3-0.92-1.2mdv2008.0.x86_64.rpm
51dc9ab3b42c323547d03de5db226a84 2008.0/SRPMS/clamav-0.92-1.2mdv2008.0.src.rpm
4257ab503f00c056db9e2d2ec5be92d7 2008.0/SRPMS/klamav-0.41.1-2.1mdv2008.0.src.rpm
Corporate 3.0:
3f2a48e871c6c4a3b0a57d0eaa622a37 corporate/3.0/i586/clamav-0.92-0.2.C30mdk.i586.rpm
ce3f09c9cbbd81bd2f5b035bf29a5b46 corporate/3.0/i586/clamav-db-0.92-0.2.C30mdk.i586.rpm
e60f7417cdeddb012eb8b1f5713d63a3 corporate/3.0/i586/clamav-milter-0.92-0.2.C30mdk.i586.rpm
74f1aee20b5031b0ac067d188f7168fb corporate/3.0/i586/clamd-0.92-0.2.C30mdk.i586.rpm
3bb0b303bef626dc9543310c6fb25696 corporate/3.0/i586/clamdmon-0.92-0.2.C30mdk.i586.rpm
9f6845a740d65133e4ddfc4b3f97c11a corporate/3.0/i586/libclamav-devel-0.92-0.2.C30mdk.i586.rpm
5364bdfc013ade1199cd9e95f1587b20 corporate/3.0/i586/libclamav3-0.92-0.2.C30mdk.i586.rpm
3706e74c9205d888150c74a5310741e0 corporate/3.0/SRPMS/clamav-0.92-0.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
c07a6b3b930907d623ac66abb1b3a599 corporate/3.0/x86_64/clamav-0.92-0.2.C30mdk.x86_64.rpm
dc5a98c4378b9fd58e9c4dcc149d9708 corporate/3.0/x86_64/clamav-db-0.92-0.2.C30mdk.x86_64.rpm
93bc3c83d173c8fa6b5f8fba96df8847 corporate/3.0/x86_64/clamav-milter-0.92-0.2.C30mdk.x86_64.rpm
3038d4e399a7ee4dd07739e91a10a675 corporate/3.0/x86_64/clamd-0.92-0.2.C30mdk.x86_64.rpm
ed758355a6d8b53bf3a5a5d84124c789 corporate/3.0/x86_64/clamdmon-0.92-0.2.C30mdk.x86_64.rpm
9546306ca59838c1b35fac61a12297b3 corporate/3.0/x86_64/lib64clamav-devel-0.92-0.2.C30mdk.x86_64.rpm
5817803ca6185e173127889ae7640589 corporate/3.0/x86_64/lib64clamav3-0.92-0.2.C30mdk.x86_64.rpm
3706e74c9205d888150c74a5310741e0 corporate/3.0/SRPMS/clamav-0.92-0.2.C30mdk.src.rpm
Corporate 4.0:
09bc97f6d0c3a507537dd5df5d5a2e9e corporate/4.0/i586/c-icap-client-210205-5.2.20060mlcs4.i586.rpm
c162b402dd359cef918fca6a4ee55dc4 corporate/4.0/i586/c-icap-modules-210205-5.2.20060mlcs4.i586.rpm
4ef1e16aa796f03a35e4fde3b2e73c29 corporate/4.0/i586/c-icap-server-210205-5.2.20060mlcs4.i586.rpm
b300a7fc384f7425c10b5498c703f2c9 corporate/4.0/i586/clamav-0.92-0.2.20060mlcs4.i586.rpm
2445d34f9632fa547ae0a1884152e7f2 corporate/4.0/i586/clamav-db-0.92-0.2.20060mlcs4.i586.rpm
4fbf33fa8581f1e9149064bf98286d76 corporate/4.0/i586/clamav-milter-0.92-0.2.20060mlcs4.i586.rpm
d7975bcedccf63ad68fa1003c39ea38f corporate/4.0/i586/clamd-0.92-0.2.20060mlcs4.i586.rpm
1a36e1a5f049193ebc4183116b0efba1 corporate/4.0/i586/clamdmon-0.92-0.2.20060mlcs4.i586.rpm
d65e1dc78894367ec8778cdd4b3dcaab corporate/4.0/i586/libc-icap0-210205-5.2.20060mlcs4.i586.rpm
557e71c20126d3e8e2b3761d618e81b2 corporate/4.0/i586/libc-icap0-devel-210205-5.2.20060mlcs4.i586.rpm
7547cb16781ef5864049bdbe3be066ca corporate/4.0/i586/libclamav-devel-0.92-0.2.20060mlcs4.i586.rpm
8670164705db11dab33cf01aecee05b5 corporate/4.0/i586/libclamav3-0.92-0.2.20060mlcs4.i586.rpm
4bdc08d830df3e0b8ddc2eada232a83d corporate/4.0/i586/php-clamav-0.12a-8.2.20060mlcs4.i586.rpm
ab588a94a6ae104f6a379dd164fdbb9b corporate/4.0/SRPMS/c-icap-210205-5.2.20060mlcs4.src.rpm
f62afc45435fb35b7a24b5a1a9827099 corporate/4.0/SRPMS/clamav-0.92-0.2.20060mlcs4.src.rpm
1fdbb8cab6b50d1648dcc162f1e9aad8 corporate/4.0/SRPMS/php-clamav-0.12a-8.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
f84c1bd0a6e0794991262915dd73682c corporate/4.0/x86_64/c-icap-client-210205-5.2.20060mlcs4.x86_64.rpm
1a4cea375f8278d8fa74e578e05b99f8 corporate/4.0/x86_64/c-icap-modules-210205-5.2.20060mlcs4.x86_64.rpm
c86cf3a99cb02b60686cfafebdabc427 corporate/4.0/x86_64/c-icap-server-210205-5.2.20060mlcs4.x86_64.rpm
ac36226fb9c603e53c6b8ae0cc834106 corporate/4.0/x86_64/clamav-0.92-0.2.20060mlcs4.x86_64.rpm
8b6b8043edb52c9510e634a6f5549ffc corporate/4.0/x86_64/clamav-db-0.92-0.2.20060mlcs4.x86_64.rpm
80313735603168fa6d4d1cee550b4461 corporate/4.0/x86_64/clamav-milter-0.92-0.2.20060mlcs4.x86_64.rpm
5edc55a2746cdbfbc9dab0c138cd7904 corporate/4.0/x86_64/clamd-0.92-0.2.20060mlcs4.x86_64.rpm
bf4df46b323a4184726b02b8551fbb74 corporate/4.0/x86_64/clamdmon-0.92-0.2.20060mlcs4.x86_64.rpm
3bd7ab884f9e1dce5d127ded6b81cddc corporate/4.0/x86_64/lib64c-icap0-210205-5.2.20060mlcs4.x86_64.rpm
6f688ee2b22016964b46dc81c8a075a0 corporate/4.0/x86_64/lib64c-icap0-devel-210205-5.2.20060mlcs4.x86_64.rpm
a8f718d57e5533e8df7c47cd26f5b2a4 corporate/4.0/x86_64/lib64clamav-devel-0.92-0.2.20060mlcs4.x86_64.rpm
a7e2bca01fdf9ec52bb277b85260a6f4 corporate/4.0/x86_64/lib64clamav3-0.92-0.2.20060mlcs4.x86_64.rpm
a0eff3d2addb10828672f26d1ef9aebf corporate/4.0/x86_64/php-clamav-0.12a-8.2.20060mlcs4.x86_64.rpm
ab588a94a6ae104f6a379dd164fdbb9b corporate/4.0/SRPMS/c-icap-210205-5.2.20060mlcs4.src.rpm
f62afc45435fb35b7a24b5a1a9827099 corporate/4.0/SRPMS/clamav-0.92-0.2.20060mlcs4.src.rpm
1fdbb8cab6b50d1648dcc162f1e9aad8 corporate/4.0/SRPMS/php-clamav-0.12a-8.2.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHhEmcmqjQ0CJFipgRAvVeAJ45qzu/QLzIfZj6gtC30oXmGzl8/wCePF5A
vIfEl5eWay4ZlBdo5q23Y4M=
=9O4q
-----END PGP SIGNATURE-----
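
The advisory says MandrivaUpdate and urpmi check md5 checksums automatically; for packages fetched by hand, the same check can be made against the "Updated Packages" list. The following is an added example, not part of the advisory or any Mandriva tool: the function names are hypothetical and the sample file contents and their digests are constructed. An MD5 match only shows the file agrees with the list; the package's GPG signature remains the authenticity check.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Package lines in the advisory look like: "<32 hex md5> <path ending in .rpm>"
PKG_LINE = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_package_list(advisory_text):
    """Map each listed rpm file name to the set of md5 digests given for it."""
    expected = {}
    for line in advisory_text.splitlines():
        m = PKG_LINE.match(line)
        if m:  # section headers and prose lines do not match and are skipped
            digest, path = m.groups()
            expected.setdefault(path.rsplit("/", 1)[-1], set()).add(digest)
    return expected

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large packages are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_downloads(advisory_text, directory):
    """Classify every .rpm in directory as 'ok', 'mismatch' or 'unlisted'."""
    expected = parse_package_list(advisory_text)
    report = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        if rpm.name not in expected:
            report[rpm.name] = "unlisted"
        elif md5_of(rpm) in expected[rpm.name]:
            report[rpm.name] = "ok"
        else:
            report[rpm.name] = "mismatch"
    return report

def demo():
    """Constructed sample: stand-in file bodies, digests computed from them."""
    with tempfile.TemporaryDirectory() as d:
        good = Path(d, "clamav-0.92-1.2mdv2008.0.i586.rpm")
        bad = Path(d, "clamd-0.92-1.2mdv2008.0.i586.rpm")
        good.write_bytes(b"constructed package body A")
        bad.write_bytes(b"truncated or altered download")
        Path(d, "unrelated-1.0.i586.rpm").write_bytes(b"x")
        listed_bad = hashlib.md5(b"constructed package body B").hexdigest()
        advisory = "\n".join([
            "Mandriva Linux 2008.0:",
            f"{md5_of(good)} 2008.0/i586/{good.name}",
            f"{listed_bad} 2008.0/i586/{bad.name}",
        ])
        return check_downloads(advisory, d)
```
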