Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in clamav
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in clamav
ID: MDVSA-2010:110
Distribution: Mandriva
Plattformen: Mandriva Corporate 4.0, Mandriva 2008.0, Mandriva 2009.0, Mandriva Enterprise Server 5.0
Datum: Do, 27. Mai 2010, 21:26
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1640
Applikationen: Clam Antivirus

Originalnachricht

This is a multi-part message in MIME format...

------------=_1274978712-24326-8293


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:110
http://www.mandriva.com/security/
_______________________________________________________________________

Package : clamav
Date : May 27, 2010
Affected: 2008.0, 2009.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities was discovered and fixed in clamav:

The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows
remote attackers to cause a denial of service (crash) via a malformed
PDF file, related to an inconsistency in the calculated stream length
and the real stream length (CVE-2010-1639).

Off-by-one error in the parseicon function in libclamav/pe_icons.c
in ClamAV 0.96 allows remote attackers to cause a denial of service
(crash) via a crafted PE icon that triggers an out-of-bounds read,
related to improper rounding during scaling (CVE-2010-1640).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

This update provides clamav 0.96.1 which is not vulnerable to these
issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1640
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
befa2aace21d5723723bb3a93444fff6
2008.0/i586/clamav-0.96.1-0.1mdv2008.0.i586.rpm
91de0b1b1d3717b02c5ec78f40b60068
2008.0/i586/clamav-db-0.96.1-0.1mdv2008.0.i586.rpm
5e63fa6565cbfaa4cc4000f77524a181
2008.0/i586/clamav-milter-0.96.1-0.1mdv2008.0.i586.rpm
58e46d78bf423fbb1ef84d6073fe1040
2008.0/i586/clamd-0.96.1-0.1mdv2008.0.i586.rpm
f24eadf9d0a1b0a7c733568207743385
2008.0/i586/libclamav6-0.96.1-0.1mdv2008.0.i586.rpm
3fee97d038854d35d18aee05054b6c0d
2008.0/i586/libclamav-devel-0.96.1-0.1mdv2008.0.i586.rpm
ffbe6ca177a8b262e4c6fc0ca0f3669c
2008.0/SRPMS/clamav-0.96.1-0.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
1082117001d058707bdfacc642498a2a
2008.0/x86_64/clamav-0.96.1-0.1mdv2008.0.x86_64.rpm
21bd752b8b431e61c089ccf428d01d29
2008.0/x86_64/clamav-db-0.96.1-0.1mdv2008.0.x86_64.rpm
2f83a0bb14fcefb8717f80964b173894
2008.0/x86_64/clamav-milter-0.96.1-0.1mdv2008.0.x86_64.rpm
a873d1c7e555552e1c3d66b0515f83cb
2008.0/x86_64/clamd-0.96.1-0.1mdv2008.0.x86_64.rpm
7646d23e108a6e14f8d4092415ac02b9
2008.0/x86_64/lib64clamav6-0.96.1-0.1mdv2008.0.x86_64.rpm
658acc18cafe0edfa371ecbc014df8ae
2008.0/x86_64/lib64clamav-devel-0.96.1-0.1mdv2008.0.x86_64.rpm
ffbe6ca177a8b262e4c6fc0ca0f3669c
2008.0/SRPMS/clamav-0.96.1-0.1mdv2008.0.src.rpm

Mandriva Linux 2009.0:
a8d05f37aa91c68aae2085ff732c702b
2009.0/i586/clamav-0.96.1-0.1mdv2009.0.i586.rpm
5ec9f018d0041edb436550c89309171d
2009.0/i586/clamav-db-0.96.1-0.1mdv2009.0.i586.rpm
99628e6c2a48857b8826602c697b16ab
2009.0/i586/clamav-milter-0.96.1-0.1mdv2009.0.i586.rpm
0224610ee1b6329eff5c22d7f39578f0
2009.0/i586/clamd-0.96.1-0.1mdv2009.0.i586.rpm
fca0b7af4f6bb22071c75baab07a35b1
2009.0/i586/libclamav6-0.96.1-0.1mdv2009.0.i586.rpm
bdabf8cdc50a4c5685e6d260afe415b3
2009.0/i586/libclamav-devel-0.96.1-0.1mdv2009.0.i586.rpm
d11af730b3a2c053ba1d6ec23fc564f0
2009.0/SRPMS/clamav-0.96.1-0.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
60f63c024a8f817dadffa0d89e21eb9f
2009.0/x86_64/clamav-0.96.1-0.1mdv2009.0.x86_64.rpm
18f79b9b586bc80732dd10dbd2a6cc79
2009.0/x86_64/clamav-db-0.96.1-0.1mdv2009.0.x86_64.rpm
a581fe3f1c8361fabaf3cb9f376d59cb
2009.0/x86_64/clamav-milter-0.96.1-0.1mdv2009.0.x86_64.rpm
86a0d9f2a488e4da2fe6b53527b815e7
2009.0/x86_64/clamd-0.96.1-0.1mdv2009.0.x86_64.rpm
7e9bad2cfe4809f985d9d908af327b8d
2009.0/x86_64/lib64clamav6-0.96.1-0.1mdv2009.0.x86_64.rpm
d805cfe2b75d9a0fa2ffa0d31d7d27ec
2009.0/x86_64/lib64clamav-devel-0.96.1-0.1mdv2009.0.x86_64.rpm
d11af730b3a2c053ba1d6ec23fc564f0
2009.0/SRPMS/clamav-0.96.1-0.1mdv2009.0.src.rpm

Corporate 4.0:
1f908bfa4cbe1232569026efcf034b12
corporate/4.0/i586/clamav-0.96.1-0.1.20060mlcs4.i586.rpm
647ff93c4169583e606987983de6f938
corporate/4.0/i586/clamav-db-0.96.1-0.1.20060mlcs4.i586.rpm
a1bd815b64388a6a04fd14f423970c70
corporate/4.0/i586/clamav-milter-0.96.1-0.1.20060mlcs4.i586.rpm
fe0f9d33df3d9127161a8551dbb7e6c7
corporate/4.0/i586/clamd-0.96.1-0.1.20060mlcs4.i586.rpm
2faa8d0b9553999d5b18314ce63bf06b
corporate/4.0/i586/libclamav6-0.96.1-0.1.20060mlcs4.i586.rpm
e4728f4fa514d353279521d8ae782c0a
corporate/4.0/i586/libclamav-devel-0.96.1-0.1.20060mlcs4.i586.rpm
517ac78ca08fe3ccd80ccd0e160c4f02
corporate/4.0/SRPMS/clamav-0.96.1-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
6848c1a8b646e217c290e4a557cf6a7d
corporate/4.0/x86_64/clamav-0.96.1-0.1.20060mlcs4.x86_64.rpm
205ce302337f02c1ce74539f65d95901
corporate/4.0/x86_64/clamav-db-0.96.1-0.1.20060mlcs4.x86_64.rpm
d788499888b228f17d34d707f99d399f
corporate/4.0/x86_64/clamav-milter-0.96.1-0.1.20060mlcs4.x86_64.rpm
31f2d05f1fda805f2a95a68f0742e460
corporate/4.0/x86_64/clamd-0.96.1-0.1.20060mlcs4.x86_64.rpm
e553aec47a2d26e41662593697b10ed9
corporate/4.0/x86_64/lib64clamav6-0.96.1-0.1.20060mlcs4.x86_64.rpm
383fe32d703c2c99d7102dfa78061a06
corporate/4.0/x86_64/lib64clamav-devel-0.96.1-0.1.20060mlcs4.x86_64.rpm
517ac78ca08fe3ccd80ccd0e160c4f02
corporate/4.0/SRPMS/clamav-0.96.1-0.1.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
6239df4cb3848f6d0e623ca388537808
mes5/i586/clamav-0.96.1-0.1mdvmes5.1.i586.rpm
d5bdcebae3ce25c8314cd91729df1891
mes5/i586/clamav-db-0.96.1-0.1mdvmes5.1.i586.rpm
32f0750aed27bd140bf5da065f1e1ebe
mes5/i586/clamav-milter-0.96.1-0.1mdvmes5.1.i586.rpm
dd545fdb4cf27d717d589beb3787ff11 mes5/i586/clamd-0.96.1-0.1mdvmes5.1.i586.rpm
8a191c540f7228a36a4301c0442e3a68
mes5/i586/libclamav6-0.96.1-0.1mdvmes5.1.i586.rpm
f3b1106a99b6161553cf83812231cae5
mes5/i586/libclamav-devel-0.96.1-0.1mdvmes5.1.i586.rpm
bc8e69f99a4837cb5c7127604addaa74
mes5/SRPMS/clamav-0.96.1-0.1mdvmes5.1.src.rpm

Mandriva Enterprise Server 5/X86_64:
0c4c0c12601d5539497cf25c429ce553
mes5/x86_64/clamav-0.96.1-0.1mdvmes5.1.x86_64.rpm
6ea9c8f7d8383e9e5623eb2fd7b56d03
mes5/x86_64/clamav-db-0.96.1-0.1mdvmes5.1.x86_64.rpm
ec4ef11b9a1cb4e89cd36d8aa8788071
mes5/x86_64/clamav-milter-0.96.1-0.1mdvmes5.1.x86_64.rpm
6a5e85303ae96eb1123aabf4a72c1014
mes5/x86_64/clamd-0.96.1-0.1mdvmes5.1.x86_64.rpm
8b070d1b989a43b0145614dff41881ae
mes5/x86_64/lib64clamav6-0.96.1-0.1mdvmes5.1.x86_64.rpm
cbee60050896a187b449647fa7f4e330
mes5/x86_64/lib64clamav-devel-0.96.1-0.1mdvmes5.1.x86_64.rpm
bc8e69f99a4837cb5c7127604addaa74
mes5/SRPMS/clamav-0.96.1-0.1mdvmes5.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFL/nI8mqjQ0CJFipgRApflAJ0aWGQPfjtPbacIlezjVyoQqG1smgCfcqGT
yM1hw8RzpdyMgTUHfdx4UEI=
=KQZ3
-----END PGP SIGNATURE-----


------------=_1274978712-24326-8293
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1274978712-24326-8293--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung