Exploit the possiblities

Mandriva Linux Security Advisory 2012-094

Mandriva Linux Security Advisory 2012-094
Posted Jun 19, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-094 - This is a bugfix release that upgrades clamav to the latest version The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. The Microsoft CHM file parser in ClamAV 0.96.4 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2012-1457, CVE-2012-1458, CVE-2012-1459
MD5 | 9f2a55c5cf58d35e60e15c844a8c86bc

Mandriva Linux Security Advisory 2012-094

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:094
http://www.mandriva.com/security/
_______________________________________________________________________

Package : clamav
Date : June 18, 2012
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

This is a bugfix release that upgrades clamav to the latest version
(0.97.5) that resolves the following security issues:

The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass
malware detection via a TAR archive entry with a length field that
exceeds the total TAR file size. NOTE: this may later be SPLIT into
multiple CVEs if additional information is published showing that the
error occurred independently in different TAR parser implementations
(CVE-2012-1457).

The Microsoft CHM file parser in ClamAV 0.96.4 allows remote attackers
to bypass malware detection via a crafted reset interval in the LZXC
header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs
if additional information is published showing that the error occurred
independently in different CHM parser implementations (CVE-2012-1458).

The TAR file parser in ClamAV 0.96.4 allows remote attackers to
bypass malware detection via a TAR archive entry with a length field
corresponding to that entire entry, plus part of the header of the
next entry. NOTE: this may later be SPLIT into multiple CVEs if
additional information is published showing that the error occurred
independently in different TAR parser implementations (CVE-2012-1459).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459
http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.5
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
d82d78601290e2f6073974170c81841a mes5/i586/clamav-0.97.5-0.1mdvmes5.2.i586.rpm
80f0475472c0217afd3727019bf27e53 mes5/i586/clamav-db-0.97.5-0.1mdvmes5.2.i586.rpm
c13835eadea8d2af15b628fba3159e8b mes5/i586/clamav-milter-0.97.5-0.1mdvmes5.2.i586.rpm
d7c058fae32f1a081b1d4ca31157df0e mes5/i586/clamd-0.97.5-0.1mdvmes5.2.i586.rpm
5ad153709c7eb510c2be2e82bfa5ac52 mes5/i586/libclamav6-0.97.5-0.1mdvmes5.2.i586.rpm
96e3d3f3e9bea802c4109c155c9d1465 mes5/i586/libclamav-devel-0.97.5-0.1mdvmes5.2.i586.rpm
203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
b30f5aafd9aaff0a7743fb62f33ccbea mes5/x86_64/clamav-0.97.5-0.1mdvmes5.2.x86_64.rpm
1508801239427c0ac72734f52cb4451c mes5/x86_64/clamav-db-0.97.5-0.1mdvmes5.2.x86_64.rpm
92b4c5ca6db656801b5b6ae217c6e171 mes5/x86_64/clamav-milter-0.97.5-0.1mdvmes5.2.x86_64.rpm
94fad12df2cc900309087bbda13c826a mes5/x86_64/clamd-0.97.5-0.1mdvmes5.2.x86_64.rpm
8ec166a457d0512479adaaf5f80d487f mes5/x86_64/lib64clamav6-0.97.5-0.1mdvmes5.2.x86_64.rpm
19bc2758175bcde28ebf7783d68a9b98 mes5/x86_64/lib64clamav-devel-0.97.5-0.1mdvmes5.2.x86_64.rpm
203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFP3tnKmqjQ0CJFipgRAj4wAJ9eURS1mZYCZhkmUTVE/U8QAH47MwCgxQzf
OUr1QL5Wsvt3KboLKCdYUhE=
=1QL7
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close