-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2008:189
http://www.mandriva.com/security/
_______________________________________________________________________

Package : clamav
Date    : September 9, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.94 release, including:

A vulnerability in ClamAV's chm-parser allowed remote attackers to cause a denial of service (application crash) via a malformed CHM file (CVE-2008-1389).

A vulnerability in libclamav would allow attackers to cause a denial of service via vectors related to an out-of-memory condition (CVE-2008-3912).

Multiple memory leaks were found in ClamAV that could possibly allow attackers to cause a denial of service via excessive memory consumption (CVE-2008-3913).

A number of unspecified vulnerabilities in ClamAV were reported that have an unknown impact and attack vectors related to file descriptor leaks (CVE-2008-3914).

Other bugs have also been corrected in 0.94, which is being provided with this update. Because this new version has increased the major version of the libclamav library, updated dependent packages are also being provided.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3914
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIxyZYmqjQ0CJFipgRAjkUAJ4qLTbQKMwCijUO8yt3hZeKPIZxsQCfQuKL
s8pgnFPooN4iKraqvbGh3cA=
=TNvu
-----END PGP SIGNATURE-----