-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:003
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : clamav
 Date    : January 8, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 An integer overflow vulnerability was reported by iDefense with clamav
 when parsing Portable Executable (PE) files packed in the MEW format.
 This could be exploited to cause a heap-based buffer overflow
 (CVE-2007-6335).

 Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP
 compressed CAB files (CVE-2007-6336).

 An unspecified vulnerability related to the bzip2 decompression
 algorithm was also discovered (CVE-2007-6337).

 Other bugs have also been corrected in 0.92, which is being provided
 with this update. Because this new version has increased the major
 version of the libclamav library, updated dependent packages are also
 being provided.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6335
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6336
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6337
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHhEmcmqjQ0CJFipgRAvVeAJ45qzu/QLzIfZj6gtC30oXmGzl8/wCePF5A
vIfEl5eWay4ZlBdo5q23Y4M=
=9O4q
-----END PGP SIGNATURE-----