 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2007:172
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : clamav
 Date    : August 31, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability in ClamAV was discovered that could allow remote
 attackers to cause a denial of service via a crafted RTF file or a
 crafted HTML document with a data: URI, both of which trigger a NULL
 dereference (CVE-2007-4510).

 A vulnerability in clamav-milter, when run in black hole mode, could
 allow remote attackers to execute arbitrary commands via shell
 metacharacters that are used in a certain popen call (CVE-2007-4560).

 Other bugs have also been corrected in 0.91.2, which is being provided
 with this update.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4510
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4560
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
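
The popen issue described for CVE-2007-4560 belongs to the general class of bugs where untrusted text is pasted into a shell command line. The following is an added example, not ClamAV code and not part of the advisory: it contrasts that pattern with passing the value as a single argv element via fork/exec. The function names, the sample value and the use of `printf` as a stand-in helper program are assumptions for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
/* Constructed sample value: an address-like string carrying a shell metacharacter. */
static const char *SAMPLE = "user@example.com; echo INJECTED";

/* Read fd until EOF into out (NUL-terminated, truncated to outlen - 1 bytes). */
static void slurp(int fd, char *out, size_t outlen) {
    size_t n = 0; ssize_t r;
    while (n < outlen - 1 && (r = read(fd, out + n, outlen - 1 - n)) > 0) n += (size_t)r;
    out[n] = '\0';
}

/* Vulnerable pattern: popen() hands the whole string to /bin/sh for parsing. */
int run_via_shell(const char *untrusted, char *out, size_t outlen) {
    char cmd[512];
    snprintf(cmd, sizeof cmd, "printf %%s %s", untrusted);
    FILE *fp = popen(cmd, "r");
    if (!fp) return -1;
    slurp(fileno(fp), out, outlen);
    return pclose(fp);
}

/* Hardened pattern: no shell; the value is exactly one argv element. */
int run_via_exec(const char *untrusted, char *out, size_t outlen) {
    int fds[2], status;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child: stdout -> pipe, then exec */
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        execlp("printf", "printf", "%s", untrusted, (char *)NULL);
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);
    slurp(fds[0], out, outlen);
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    char a[256], b[256];
    if (run_via_shell(SAMPLE, a, sizeof a) < 0 || run_via_exec(SAMPLE, b, sizeof b) < 0) return 1;
    printf("shell: [%s]\nexec:  [%s]\n", a, b);
}
```

With the shell variant the text after `;` runs as a second command, while the exec variant returns the value byte for byte.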