Mandriva Linux Security Advisory - An off-by-one error was found in ClamAV versions prior to 0.94.1 that could allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted VBA project file. Other bugs have also been corrected in 0.94.1 which is being provided with this update.
e1aab69495ae010aa0a9d6938ae571c19e5e88391968e5aa2b5b8c8d698fc850
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:229
http://www.mandriva.com/security/
_______________________________________________________________________
Package : clamav
Date : November 14, 2008
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
An off-by-one error was found in ClamAV versions prior to 0.94.1 that
could allow remote attackers to cause a denial of service or possibly
execute arbitrary code via a crafted VBA project file (CVE-2008-5050).
Other bugs have also been corrected in 0.94.1 which is being provided
with this update.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5050
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
4a120c7624cd31abdef8406545e30910 2008.0/i586/clamav-0.94.1-2.1mdv2008.0.i586.rpm
4f612c8fc5080e892130cf2aa30e51a2 2008.0/i586/clamav-db-0.94.1-2.1mdv2008.0.i586.rpm
1044a1caf1d247fe25deddb22a603597 2008.0/i586/clamd-0.94.1-2.1mdv2008.0.i586.rpm
bd02ba446db1634c1945c3fd41a3cf89 2008.0/i586/libclamav5-0.94.1-2.1mdv2008.0.i586.rpm
6bbd77167ef0a624a4d275c4ee5aab63 2008.0/i586/libclamav-devel-0.94.1-2.1mdv2008.0.i586.rpm
0dde713543b21f5ca52c4d58383ecaf3 2008.0/SRPMS/clamav-0.94.1-2.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
a2f94de161f6038ac0d003afc4ecb45e 2008.0/x86_64/clamav-0.94.1-2.1mdv2008.0.x86_64.rpm
458891795f311e5fe9a9572acdc4fad5 2008.0/x86_64/clamav-db-0.94.1-2.1mdv2008.0.x86_64.rpm
b98de6d8e521716d5098629c4b4bff95 2008.0/x86_64/clamd-0.94.1-2.1mdv2008.0.x86_64.rpm
886066f300513623cecd727db5da9c33 2008.0/x86_64/lib64clamav5-0.94.1-2.1mdv2008.0.x86_64.rpm
3de51e959737c3a0982bf705af4fbec1 2008.0/x86_64/lib64clamav-devel-0.94.1-2.1mdv2008.0.x86_64.rpm
0dde713543b21f5ca52c4d58383ecaf3 2008.0/SRPMS/clamav-0.94.1-2.1mdv2008.0.src.rpm
Mandriva Linux 2008.1:
3ed90df7ea9d02f7ff232eb7529f8ba6 2008.1/i586/clamav-0.94.1-2mdv2008.1.i586.rpm
bc3234eca85d90fad74aedcf9d08d6f9 2008.1/i586/clamav-db-0.94.1-2mdv2008.1.i586.rpm
b5936ac8b57b0260b57fa3da2b4a813c 2008.1/i586/clamd-0.94.1-2mdv2008.1.i586.rpm
241e648dc995c03cc62a101cf00f2632 2008.1/i586/libclamav5-0.94.1-2mdv2008.1.i586.rpm
3570a761d50b6d6cf034f9c8c5333e33 2008.1/i586/libclamav-devel-0.94.1-2mdv2008.1.i586.rpm
6c34e5fd82d33489eec50c08666a9285 2008.1/SRPMS/clamav-0.94.1-2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
bda76080176f91cb58db40227aad8c61 2008.1/x86_64/clamav-0.94.1-2mdv2008.1.x86_64.rpm
dd9050e863bfe2455831180e90fd4928 2008.1/x86_64/clamav-db-0.94.1-2mdv2008.1.x86_64.rpm
dbd0cbdf2bcf8a3a1d8788749a977a62 2008.1/x86_64/clamd-0.94.1-2mdv2008.1.x86_64.rpm
918367efa9d6da46851bdb9a2b50a719 2008.1/x86_64/lib64clamav5-0.94.1-2mdv2008.1.x86_64.rpm
e708a11bf4df78af44022b245ef0a1d0 2008.1/x86_64/lib64clamav-devel-0.94.1-2mdv2008.1.x86_64.rpm
6c34e5fd82d33489eec50c08666a9285 2008.1/SRPMS/clamav-0.94.1-2mdv2008.1.src.rpm
Mandriva Linux 2009.0:
0f778e49185ed0c79196a556ad610fb4 2009.0/i586/clamav-0.94.1-2mdv2009.0.i586.rpm
036d1122a7278cca7e72659fcae305f8 2009.0/i586/clamav-db-0.94.1-2mdv2009.0.i586.rpm
f232743d8963dfc84dfff8941970b147 2009.0/i586/clamd-0.94.1-2mdv2009.0.i586.rpm
f44183b1c32fd70418735a8251498ed8 2009.0/i586/libclamav5-0.94.1-2mdv2009.0.i586.rpm
344b38ebe0c65e6d6abaab3706e7c2d6 2009.0/i586/libclamav-devel-0.94.1-2mdv2009.0.i586.rpm
0558907f32571f4ba2820353c01b95cf 2009.0/SRPMS/clamav-0.94.1-2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
1e7408051f4aacc418f8f6be9943f4e6 2009.0/x86_64/clamav-0.94.1-2mdv2009.0.x86_64.rpm
07114ef73bda272c2f3ba3694250dcb5 2009.0/x86_64/clamav-db-0.94.1-2mdv2009.0.x86_64.rpm
097d65cfa28451572df549a8f6035d7b 2009.0/x86_64/clamd-0.94.1-2mdv2009.0.x86_64.rpm
a6414357665c15a5ba457745fcc5198d 2009.0/x86_64/lib64clamav5-0.94.1-2mdv2009.0.x86_64.rpm
1f3462333c4382bec424711706943641 2009.0/x86_64/lib64clamav-devel-0.94.1-2mdv2009.0.x86_64.rpm
0558907f32571f4ba2820353c01b95cf 2009.0/SRPMS/clamav-0.94.1-2mdv2009.0.src.rpm
Corporate 3.0:
6a4bc1edc194b63ac516342c9a8fd662 corporate/3.0/i586/clamav-0.94.1-1.1.C30mdk.i586.rpm
73a6316315af4df3bfcd9ab3013e7d38 corporate/3.0/i586/clamav-db-0.94.1-1.1.C30mdk.i586.rpm
dac04c7ef47d707ed6d6f1a93ed771e5 corporate/3.0/i586/clamd-0.94.1-1.1.C30mdk.i586.rpm
f27a634805c01f4b630c6e54de41cea6 corporate/3.0/i586/libclamav5-0.94.1-1.1.C30mdk.i586.rpm
be4c0ab9842a4ca264b19f2cd457c825 corporate/3.0/i586/libclamav-devel-0.94.1-1.1.C30mdk.i586.rpm
adddb2c28c6336400adde155122fdeb5 corporate/3.0/SRPMS/clamav-0.94.1-1.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
553fca8ee2b24b098ffe7a69ebf6f7d1 corporate/3.0/x86_64/clamav-0.94.1-1.1.C30mdk.x86_64.rpm
29d4426e96a6d6b17b2c33761578b86d corporate/3.0/x86_64/clamav-db-0.94.1-1.1.C30mdk.x86_64.rpm
65ec3b8aec99fcd5e38664862d2279ba corporate/3.0/x86_64/clamd-0.94.1-1.1.C30mdk.x86_64.rpm
d8bdcd787cf07bdf0899e9cc178bf012 corporate/3.0/x86_64/lib64clamav5-0.94.1-1.1.C30mdk.x86_64.rpm
2c575bc6d82897ae866e2031c3729d99 corporate/3.0/x86_64/lib64clamav-devel-0.94.1-1.1.C30mdk.x86_64.rpm
adddb2c28c6336400adde155122fdeb5 corporate/3.0/SRPMS/clamav-0.94.1-1.1.C30mdk.src.rpm
Corporate 4.0:
7462d619f941c799bc58448b13122271 corporate/4.0/i586/clamav-0.94.1-1.1.20060mlcs4.i586.rpm
7c69f00769c6f285e42a9bae29745758 corporate/4.0/i586/clamav-db-0.94.1-1.1.20060mlcs4.i586.rpm
27991558a673913188cf8d968d1b594b corporate/4.0/i586/clamd-0.94.1-1.1.20060mlcs4.i586.rpm
e32cc6209d42050be9b87eb9e7b50cc6 corporate/4.0/i586/libclamav5-0.94.1-1.1.20060mlcs4.i586.rpm
43a820ed215d1bc3f55c91c9a35668ac corporate/4.0/i586/libclamav-devel-0.94.1-1.1.20060mlcs4.i586.rpm
c8c748cb4ff626c87ec4ec620873516b corporate/4.0/SRPMS/clamav-0.94.1-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
acfcee4b7b662b20cbb7339c6874ff4a corporate/4.0/x86_64/clamav-0.94.1-1.1.20060mlcs4.x86_64.rpm
e92cb46b6d371f73eff43b476dcd54f4 corporate/4.0/x86_64/clamav-db-0.94.1-1.1.20060mlcs4.x86_64.rpm
ec10430998e66eb4480b57d2fb6498cb corporate/4.0/x86_64/clamd-0.94.1-1.1.20060mlcs4.x86_64.rpm
fdf5c8befc3d9d1998374f50cb5422e2 corporate/4.0/x86_64/lib64clamav5-0.94.1-1.1.20060mlcs4.x86_64.rpm
e8c7a76407422da2d981c78ceb08d025 corporate/4.0/x86_64/lib64clamav-devel-0.94.1-1.1.20060mlcs4.x86_64.rpm
c8c748cb4ff626c87ec4ec620873516b corporate/4.0/SRPMS/clamav-0.94.1-1.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJHcTemqjQ0CJFipgRAlpVAJ0b6pm8UdqWIdKxPfFjTf5TWFsW1wCfdjSr
OpG3ud3BqpP/lBGsycPNuWY=
=AY8S
-----END PGP SIGNATURE-----