-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:229 http://www.mandriva.com/security/ _______________________________________________________________________ Package : clamav Date : November 14, 2008 Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: An off-by-one error was found in ClamAV versions prior to 0.94.1 that could allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted VBA project file (CVE-2008-5050). Other bugs have also been corrected in 0.94.1 which is being provided with this update. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5050 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 4a120c7624cd31abdef8406545e30910 2008.0/i586/clamav-0.94.1-2.1mdv2008.0.i586.rpm 4f612c8fc5080e892130cf2aa30e51a2 2008.0/i586/clamav-db-0.94.1-2.1mdv2008.0.i586.rpm 1044a1caf1d247fe25deddb22a603597 2008.0/i586/clamd-0.94.1-2.1mdv2008.0.i586.rpm bd02ba446db1634c1945c3fd41a3cf89 2008.0/i586/libclamav5-0.94.1-2.1mdv2008.0.i586.rpm 6bbd77167ef0a624a4d275c4ee5aab63 2008.0/i586/libclamav-devel-0.94.1-2.1mdv2008.0.i586.rpm 0dde713543b21f5ca52c4d58383ecaf3 2008.0/SRPMS/clamav-0.94.1-2.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: a2f94de161f6038ac0d003afc4ecb45e 2008.0/x86_64/clamav-0.94.1-2.1mdv2008.0.x86_64.rpm 458891795f311e5fe9a9572acdc4fad5 2008.0/x86_64/clamav-db-0.94.1-2.1mdv2008.0.x86_64.rpm b98de6d8e521716d5098629c4b4bff95 2008.0/x86_64/clamd-0.94.1-2.1mdv2008.0.x86_64.rpm 886066f300513623cecd727db5da9c33 2008.0/x86_64/lib64clamav5-0.94.1-2.1mdv2008.0.x86_64.rpm 3de51e959737c3a0982bf705af4fbec1 2008.0/x86_64/lib64clamav-devel-0.94.1-2.1mdv2008.0.x86_64.rpm 0dde713543b21f5ca52c4d58383ecaf3 2008.0/SRPMS/clamav-0.94.1-2.1mdv2008.0.src.rpm Mandriva Linux 2008.1: 3ed90df7ea9d02f7ff232eb7529f8ba6 2008.1/i586/clamav-0.94.1-2mdv2008.1.i586.rpm bc3234eca85d90fad74aedcf9d08d6f9 2008.1/i586/clamav-db-0.94.1-2mdv2008.1.i586.rpm b5936ac8b57b0260b57fa3da2b4a813c 2008.1/i586/clamd-0.94.1-2mdv2008.1.i586.rpm 241e648dc995c03cc62a101cf00f2632 2008.1/i586/libclamav5-0.94.1-2mdv2008.1.i586.rpm 3570a761d50b6d6cf034f9c8c5333e33 2008.1/i586/libclamav-devel-0.94.1-2mdv2008.1.i586.rpm 6c34e5fd82d33489eec50c08666a9285 2008.1/SRPMS/clamav-0.94.1-2mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: bda76080176f91cb58db40227aad8c61 2008.1/x86_64/clamav-0.94.1-2mdv2008.1.x86_64.rpm dd9050e863bfe2455831180e90fd4928 2008.1/x86_64/clamav-db-0.94.1-2mdv2008.1.x86_64.rpm dbd0cbdf2bcf8a3a1d8788749a977a62 2008.1/x86_64/clamd-0.94.1-2mdv2008.1.x86_64.rpm 918367efa9d6da46851bdb9a2b50a719 2008.1/x86_64/lib64clamav5-0.94.1-2mdv2008.1.x86_64.rpm e708a11bf4df78af44022b245ef0a1d0 2008.1/x86_64/lib64clamav-devel-0.94.1-2mdv2008.1.x86_64.rpm 6c34e5fd82d33489eec50c08666a9285 2008.1/SRPMS/clamav-0.94.1-2mdv2008.1.src.rpm Mandriva Linux 2009.0: 0f778e49185ed0c79196a556ad610fb4 2009.0/i586/clamav-0.94.1-2mdv2009.0.i586.rpm 036d1122a7278cca7e72659fcae305f8 2009.0/i586/clamav-db-0.94.1-2mdv2009.0.i586.rpm f232743d8963dfc84dfff8941970b147 2009.0/i586/clamd-0.94.1-2mdv2009.0.i586.rpm f44183b1c32fd70418735a8251498ed8 2009.0/i586/libclamav5-0.94.1-2mdv2009.0.i586.rpm 344b38ebe0c65e6d6abaab3706e7c2d6 2009.0/i586/libclamav-devel-0.94.1-2mdv2009.0.i586.rpm 0558907f32571f4ba2820353c01b95cf 2009.0/SRPMS/clamav-0.94.1-2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 1e7408051f4aacc418f8f6be9943f4e6 2009.0/x86_64/clamav-0.94.1-2mdv2009.0.x86_64.rpm 07114ef73bda272c2f3ba3694250dcb5 2009.0/x86_64/clamav-db-0.94.1-2mdv2009.0.x86_64.rpm 097d65cfa28451572df549a8f6035d7b 2009.0/x86_64/clamd-0.94.1-2mdv2009.0.x86_64.rpm a6414357665c15a5ba457745fcc5198d 2009.0/x86_64/lib64clamav5-0.94.1-2mdv2009.0.x86_64.rpm 1f3462333c4382bec424711706943641 2009.0/x86_64/lib64clamav-devel-0.94.1-2mdv2009.0.x86_64.rpm 0558907f32571f4ba2820353c01b95cf 2009.0/SRPMS/clamav-0.94.1-2mdv2009.0.src.rpm Corporate 3.0: 6a4bc1edc194b63ac516342c9a8fd662 corporate/3.0/i586/clamav-0.94.1-1.1.C30mdk.i586.rpm 73a6316315af4df3bfcd9ab3013e7d38 corporate/3.0/i586/clamav-db-0.94.1-1.1.C30mdk.i586.rpm dac04c7ef47d707ed6d6f1a93ed771e5 corporate/3.0/i586/clamd-0.94.1-1.1.C30mdk.i586.rpm f27a634805c01f4b630c6e54de41cea6 corporate/3.0/i586/libclamav5-0.94.1-1.1.C30mdk.i586.rpm be4c0ab9842a4ca264b19f2cd457c825 corporate/3.0/i586/libclamav-devel-0.94.1-1.1.C30mdk.i586.rpm adddb2c28c6336400adde155122fdeb5 corporate/3.0/SRPMS/clamav-0.94.1-1.1.C30mdk.src.rpm Corporate 3.0/X86_64: 553fca8ee2b24b098ffe7a69ebf6f7d1 corporate/3.0/x86_64/clamav-0.94.1-1.1.C30mdk.x86_64.rpm 29d4426e96a6d6b17b2c33761578b86d corporate/3.0/x86_64/clamav-db-0.94.1-1.1.C30mdk.x86_64.rpm 65ec3b8aec99fcd5e38664862d2279ba corporate/3.0/x86_64/clamd-0.94.1-1.1.C30mdk.x86_64.rpm d8bdcd787cf07bdf0899e9cc178bf012 corporate/3.0/x86_64/lib64clamav5-0.94.1-1.1.C30mdk.x86_64.rpm 2c575bc6d82897ae866e2031c3729d99 corporate/3.0/x86_64/lib64clamav-devel-0.94.1-1.1.C30mdk.x86_64.rpm adddb2c28c6336400adde155122fdeb5 corporate/3.0/SRPMS/clamav-0.94.1-1.1.C30mdk.src.rpm Corporate 4.0: 7462d619f941c799bc58448b13122271 corporate/4.0/i586/clamav-0.94.1-1.1.20060mlcs4.i586.rpm 7c69f00769c6f285e42a9bae29745758 corporate/4.0/i586/clamav-db-0.94.1-1.1.20060mlcs4.i586.rpm 27991558a673913188cf8d968d1b594b corporate/4.0/i586/clamd-0.94.1-1.1.20060mlcs4.i586.rpm e32cc6209d42050be9b87eb9e7b50cc6 corporate/4.0/i586/libclamav5-0.94.1-1.1.20060mlcs4.i586.rpm 43a820ed215d1bc3f55c91c9a35668ac corporate/4.0/i586/libclamav-devel-0.94.1-1.1.20060mlcs4.i586.rpm c8c748cb4ff626c87ec4ec620873516b corporate/4.0/SRPMS/clamav-0.94.1-1.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: acfcee4b7b662b20cbb7339c6874ff4a corporate/4.0/x86_64/clamav-0.94.1-1.1.20060mlcs4.x86_64.rpm e92cb46b6d371f73eff43b476dcd54f4 corporate/4.0/x86_64/clamav-db-0.94.1-1.1.20060mlcs4.x86_64.rpm ec10430998e66eb4480b57d2fb6498cb corporate/4.0/x86_64/clamd-0.94.1-1.1.20060mlcs4.x86_64.rpm fdf5c8befc3d9d1998374f50cb5422e2 corporate/4.0/x86_64/lib64clamav5-0.94.1-1.1.20060mlcs4.x86_64.rpm e8c7a76407422da2d981c78ceb08d025 corporate/4.0/x86_64/lib64clamav-devel-0.94.1-1.1.20060mlcs4.x86_64.rpm c8c748cb4ff626c87ec4ec620873516b corporate/4.0/SRPMS/clamav-0.94.1-1.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJHcTemqjQ0CJFipgRAlpVAJ0b6pm8UdqWIdKxPfFjTf5TWFsW1wCfdjSr OpG3ud3BqpP/lBGsycPNuWY= =AY8S -----END PGP SIGNATURE-----