Login
Newsletter
Werbung

Sicherheit: Zahlenüberläufe in clamav
Aktuelle Meldungen Distributionen
Name: Zahlenüberläufe in clamav
ID: MDKSA-2005:125
Distribution: Mandriva
Plattformen: Mandriva 10.1, Mandriva Corporate 3.0, Mandriva 10.2
Datum: Do, 28. Juli 2005, 13:00
Referenzen: http://sourceforge.net/project/shownotes.php?release_id=344514
Applikationen: Clam Antivirus

Originalnachricht

This is a multi-part message in MIME format...

------------=_1122511306-740-5602

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: clamav
Advisory ID: MDKSA-2005:125
Date: July 27th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

Neel Mehta and Alex Wheeler discovered integer overflow vulnerabilites
in Clam AntiVirus when handling the TNEF, CHM, and FSG file formats.
By sending a specially-crafted file, an attacker could execute
arbitrary code with the permissions of the user running Clam AV.

This update provides clamav 0.86.2 which is not vulnerable to these
issues.
_______________________________________________________________________

References:

http://sourceforge.net/project/shownotes.php?release_id=344514
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
3aff45c0ae423b192f01753464b6cfbc 10.1/RPMS/clamav-0.86.2-0.1.101mdk.i586.rpm
0d299b50297ac175acdb7531f84f55ab
10.1/RPMS/clamav-db-0.86.2-0.1.101mdk.i586.rpm
dffea206daadeab2d90a8b68ca4f7fea
10.1/RPMS/clamav-milter-0.86.2-0.1.101mdk.i586.rpm
f3f09c0d2d575b3156cf323ffbbb94db 10.1/RPMS/clamd-0.86.2-0.1.101mdk.i586.rpm
d1b9984b610cce82fcab6d9c4c5a97ca
10.1/RPMS/libclamav1-0.86.2-0.1.101mdk.i586.rpm
46b3844d26743b67e9496052933d705f
10.1/RPMS/libclamav1-devel-0.86.2-0.1.101mdk.i586.rpm
c42e349d54742b783c3003557e3c30cb 10.1/SRPMS/clamav-0.86.2-0.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
a423b14654e6942ab17739990dcfae6e
x86_64/10.1/RPMS/clamav-0.86.2-0.1.101mdk.x86_64.rpm
aa1b3a15c662321fe2991e1aeeaae68a
x86_64/10.1/RPMS/clamav-db-0.86.2-0.1.101mdk.x86_64.rpm
01b1199b3ba12d6feaa5ff1d921fe0e7
x86_64/10.1/RPMS/clamav-milter-0.86.2-0.1.101mdk.x86_64.rpm
60a72c063eab410c282e8ee9d0a362fe
x86_64/10.1/RPMS/clamd-0.86.2-0.1.101mdk.x86_64.rpm
02acc55a71e3af52323b8aa340f5521f
x86_64/10.1/RPMS/lib64clamav1-0.86.2-0.1.101mdk.x86_64.rpm
9f24abc7804efab4b00799745983e3f1
x86_64/10.1/RPMS/lib64clamav1-devel-0.86.2-0.1.101mdk.x86_64.rpm
c42e349d54742b783c3003557e3c30cb
x86_64/10.1/SRPMS/clamav-0.86.2-0.1.101mdk.src.rpm

Mandrakelinux 10.2:
5547710e07946868106e106ef69db7be 10.2/RPMS/clamav-0.86.2-0.1.102mdk.i586.rpm
5ef48f506ceeae734d446482cc301474
10.2/RPMS/clamav-db-0.86.2-0.1.102mdk.i586.rpm
4f64fcc53200e73828959577eafe7035
10.2/RPMS/clamav-milter-0.86.2-0.1.102mdk.i586.rpm
6a7a2f0e4d02ea303617351af05a5770 10.2/RPMS/clamd-0.86.2-0.1.102mdk.i586.rpm
956ecafdf4be2be4da8e9f2f0ea7d9c3
10.2/RPMS/libclamav1-0.86.2-0.1.102mdk.i586.rpm
b51aec4894ad6d5a950188bc5ec7a8c3
10.2/RPMS/libclamav1-devel-0.86.2-0.1.102mdk.i586.rpm
be8dccab0884da69dd52c62abbab35fd 10.2/SRPMS/clamav-0.86.2-0.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
7b22b558e2e0e48cb3f8e137c74982b8
x86_64/10.2/RPMS/clamav-0.86.2-0.1.102mdk.x86_64.rpm
3e0f6b63b114ffeb10b5f2ac2e5be66f
x86_64/10.2/RPMS/clamav-db-0.86.2-0.1.102mdk.x86_64.rpm
4a68fe06f2c665135d979a2d385079ab
x86_64/10.2/RPMS/clamav-milter-0.86.2-0.1.102mdk.x86_64.rpm
1b580f573bf00a934c7a7702815776e8
x86_64/10.2/RPMS/clamd-0.86.2-0.1.102mdk.x86_64.rpm
6a30cc951870872319cd85ae597859f1
x86_64/10.2/RPMS/lib64clamav1-0.86.2-0.1.102mdk.x86_64.rpm
7ecb12fa41abe3154ab70bdeb19e07c2
x86_64/10.2/RPMS/lib64clamav1-devel-0.86.2-0.1.102mdk.x86_64.rpm
be8dccab0884da69dd52c62abbab35fd
x86_64/10.2/SRPMS/clamav-0.86.2-0.1.102mdk.src.rpm

Corporate 3.0:
6f0a3bb18f7d61a16417a98fa69cdacb
corporate/3.0/RPMS/clamav-0.86.2-0.1.C30mdk.i586.rpm
69588b59e762b1d03ac5a3cf9dbfa8b0
corporate/3.0/RPMS/clamav-db-0.86.2-0.1.C30mdk.i586.rpm
1eafaa2b6137d98c8cf194f2f58bc3d0
corporate/3.0/RPMS/clamav-milter-0.86.2-0.1.C30mdk.i586.rpm
3a267af54b0eeabd001c3451986ed15c
corporate/3.0/RPMS/clamd-0.86.2-0.1.C30mdk.i586.rpm
1f76c41366fc33e3af89dd78accb1274
corporate/3.0/RPMS/libclamav1-0.86.2-0.1.C30mdk.i586.rpm
4bde87b4bcbf9d10930ad0e2eaba4098
corporate/3.0/RPMS/libclamav1-devel-0.86.2-0.1.C30mdk.i586.rpm
55acc738815c806b4432771588499a8e
corporate/3.0/SRPMS/clamav-0.86.2-0.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
a22408fe6beb9b8bda8ff23afe644192
x86_64/corporate/3.0/RPMS/clamav-0.86.2-0.1.C30mdk.x86_64.rpm
8b4166f392d03770be85d515ed3ba380
x86_64/corporate/3.0/RPMS/clamav-db-0.86.2-0.1.C30mdk.x86_64.rpm
2521821041564175cea3baf9f7b87694
x86_64/corporate/3.0/RPMS/clamav-milter-0.86.2-0.1.C30mdk.x86_64.rpm
fd479aa012e2fd92b18cdf57adaba9e6
x86_64/corporate/3.0/RPMS/clamd-0.86.2-0.1.C30mdk.x86_64.rpm
4bdf0fa5cb4e8cb179038fd35340ca14
x86_64/corporate/3.0/RPMS/lib64clamav1-0.86.2-0.1.C30mdk.x86_64.rpm
d7141c38c4c01ce2fd9c7a7f361bca72
x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.86.2-0.1.C30mdk.x86_64.rpm
55acc738815c806b4432771588499a8e
x86_64/corporate/3.0/SRPMS/clamav-0.86.2-0.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC6CdqmqjQ0CJFipgRAtdvAKDjWIZoDFM7vgBBirtrKzZ5gtav+QCgrhDY
0XoqT2+UgWbVLQ3tVwSKS8U=
=9Qeu
-----END PGP SIGNATURE-----


------------=_1122511306-740-5602
Content-Disposition: inline; filename="message.footer"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________



------------=_1122511306-740-5602--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung