
Mandriva Linux Security Advisory 2010-249

Posted Dec 8, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-249 - Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document. Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2010-4260, CVE-2010-4261, CVE-2010-4479
SHA-256 | d00420a0965c5f43de48674470f887dcc475ab4ccb679111164c3ca560f27022

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:249
http://www.mandriva.com/security/
_______________________________________________________________________

Package : clamav
Date : December 7, 2010
Affected: 2009.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities were discovered and corrected in clamav:

Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV
before 0.96.5 allow remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
PDF document (CVE-2010-4260, CVE-2010-4479).

Off-by-one error in the icon_cb function in pe_icons.c in libclamav
in ClamAV before 0.96.5 allows remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unspecified vectors. NOTE: some of these details
are obtained from third party information (CVE-2010-4261).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated clamav packages have been upgraded to the 0.96.5 version
that is not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4479
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM/kSrmqjQ0CJFipgRAvd7AKCoTsh6QGeDUBVNfGMnaha7cqnWmQCfc/DW
fYw0YaBk+kcUHdo3nhye7rs=
=3/8e
-----END PGP SIGNATURE-----
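
The advisory's remediation criterion is a version boundary: ClamAV before 0.96.5 is affected, and the updated packages carry 0.96.5. The following triage check is an added example, not part of the Mandriva advisory. It classifies a version string taken from a `clamscan --version` banner or an RPM version-release field; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a ClamAV version against the fixed release
# named in MDVSA-2010:249. Function names here are hypothetical helpers.
FIXED="0.96.5"

# Extract the upstream version from a `clamscan --version` banner
# ("ClamAV 0.96.4/12345/...") or an RPM version-release ("0.96.5-0.1mdv2009.0").
clamav_upstream_version() {
    printf '%s\n' "$1" |
        sed -n 's/^\(ClamAV \)\{0,1\}\([0-9][0-9.]*[0-9]\).*$/\2/p'
}

# Return 0 when version $1 is strictly older than version $2, comparing
# dot-separated numeric components; missing components count as 0.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

# Print "vulnerable", "fixed" or "unknown" for one version string.
clamav_status() {
    v=$(clamav_upstream_version "$1")
    if [ -z "$v" ]; then echo unknown
    elif version_lt "$v" "$FIXED"; then echo vulnerable
    else echo fixed
    fi
}

# Constructed sample inputs (not taken from a real host).
for s in "ClamAV 0.96.4/12345/Tue Nov 30 10:00:00 2010" \
         "0.96.5-0.1mdv2009.0" "ClamAV 0.97/1/x" "not installed"; do
    printf '%-45s %s\n' "$s" "$(clamav_status "$s")"
done
```

The comparison uses the upstream version only, which matches this advisory because the packages were upgraded to 0.96.5 rather than patched in place.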