 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2006:230
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : clamav
 Date    : December 13, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 The latest version of ClamAV, 0.88.7, fixes some bugs, including
 vulnerabilities with handling base64-encoded MIME attachment files that
 can lead to either a) a crash (CVE-2006-5874), or b) a bypass of virus
 detection (CVE-2006-6406).

 As well, a vulnerability was discovered that allows remote attackers to
 cause a stack overflow and application crash by wrapping many layers of
 multipart/mixed content around a document (CVE-2006-6481).

 The latest ClamAV is being provided to address these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5874
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6406
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6481
 _______________________________________________________________________

 Updated Packages:

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
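
The multipart/mixed nesting issue in the Problem Description (CVE-2006-6481) arises when a parser's stack depth is chosen by the sender of the message. The following is an added example, not part of the advisory and not ClamAV code: a pre-scan check that measures multipart nesting with an explicit stack and rejects a message once it passes a limit. The names `multipart_depth` and `NestingTooDeep`, the limit of 16 and the `SAMPLE` message are assumptions made for illustration.

```python
import re

# boundary parameter of a Content-Type header, quoted or bare
BOUNDARY_RE = re.compile(rb'boundary\s*=\s*(?:"([^"]+)"|([^\s;"]+))', re.IGNORECASE)


class NestingTooDeep(ValueError):
    """The message nests multipart containers beyond the allowed limit."""


def multipart_depth(raw, limit=16):
    """Return the deepest multipart nesting level found in raw message bytes.

    Single pass with an explicit stack, so the work per message is bounded by
    `limit` rather than by how many layers the sender wrapped. Conservative on
    purpose: header-like lines inside a body are counted too, which can only
    overestimate the depth.
    """
    open_boundaries = []            # boundaries opened and not yet closed
    deepest = 0
    in_multipart_header = False     # inside a (possibly folded) Content-Type
    for line in raw.splitlines():
        line = line.rstrip()
        lower = line.lower()
        if line[:1] not in (b" ", b"\t"):   # not a folded continuation line
            in_multipart_header = (lower.startswith(b"content-type:")
                                   and b"multipart/" in lower)
        if in_multipart_header:
            match = BOUNDARY_RE.search(line)
            if match:
                open_boundaries.append(match.group(1) or match.group(2))
                in_multipart_header = False
                deepest = max(deepest, len(open_boundaries))
                if deepest > limit:
                    raise NestingTooDeep("multipart depth exceeds %d" % limit)
                continue
        # close delimiter "--boundary--" ends that container and any inside it
        if line.startswith(b"--") and line.endswith(b"--"):
            name = line[2:-2]
            if name in open_boundaries:
                del open_boundaries[open_boundaries.index(name):]
    return deepest


# Constructed two-level sample; the inner header is folded across two lines.
SAMPLE = (b'Content-Type: multipart/mixed; boundary="outer"\r\n\r\n--outer\r\n'
          b'Content-Type: multipart/mixed;\r\n boundary=inner\r\n\r\n--inner\r\n'
          b'Content-Type: text/plain\r\n\r\nhello\r\n--inner--\r\n--outer--\r\n')
```

A mail gateway would call such a check before handing the message to the scanner and quarantine on `NestingTooDeep` instead of passing the message through unscanned.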