Mandriva Linux Security Advisory - iDefense discovered a stack-based overflow in ClamAV when processing negative values in .cab files. In addition, multiple file descriptor leaks were reported and fixed in chmunpack.c, pdf.c, and dblock.c.
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:098
https://www.mandriva.com/security/
_______________________________________________________________________
Package : clamav
Date : May 8, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
iDefense discovered a stack-based overflow in ClamAV when processing
negative values in .cab files. In addition, multiple file descriptor
leaks were reported and fixed in chmunpack.c, pdf.c, and dblock.c.
This update provides ClamAV 0.90.2 which corrects these problems and
provides new functionality.
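
An added illustration of the bug class named above (not ClamAV's code and not the real CAB layout): when a signed length field is checked only against an upper bound, a negative value passes the check and becomes a very large size once it is used for a copy into a fixed-size stack buffer. The record layout, `BLOCK_MAX`, and every function name here are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_MAX 64 /* capacity of the fixed-size stack buffer */
/* Decode a signed 32-bit little-endian length field. */
int32_t read_le32(const uint8_t *p)
{
    uint32_t v = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    int32_t out;
    memcpy(&out, &v, sizeof out); /* reinterpret the bits as signed */
    return out;
}

/* Flawed check: upper bound only. A negative length passes, then turns
 * into a huge size_t when it reaches memcpy(). */
int naive_length_ok(int32_t len) { return len <= BLOCK_MAX; }

/* Hardened check: reject negatives first, then bound the length by the
 * buffer capacity and by the bytes actually left in the input. */
int checked_length_ok(int32_t len, size_t remaining)
{
    return len >= 0 && (size_t)len <= BLOCK_MAX && (size_t)len <= remaining;
}

/* Parse one record (4-byte length, then payload). Returns the sum of the
 * payload bytes, or -1 when the record is rejected. */
int parse_record(const uint8_t *rec, size_t rec_len)
{
    uint8_t block[BLOCK_MAX];
    int sum = 0;
    if (rec_len < 4) return -1;
    int32_t len = read_le32(rec);
    if (!checked_length_ok(len, rec_len - 4)) return -1;
    memcpy(block, rec + 4, (size_t)len);
    for (int32_t i = 0; i < len; i++) sum += block[i];
    return sum;
}
/* Constructed sample records, not taken from a real archive. */
const uint8_t REC_GOOD[] = { 3, 0, 0, 0, 'a', 'b', 'c' };
const uint8_t REC_NEG[]  = { 0xff, 0xff, 0xff, 0xff, 'a', 'b', 'c' };
const uint8_t REC_LONG[] = { 9, 0, 0, 0, 'a', 'b', 'c' };
int main(void)
{
    printf("naive check accepts -1: %d\n", naive_length_ok(read_le32(REC_NEG)));
    printf("good=%d neg=%d long=%d\n", parse_record(REC_GOOD, sizeof REC_GOOD),
           parse_record(REC_NEG, sizeof REC_NEG), parse_record(REC_LONG, sizeof REC_LONG));
}
```

The parser never calls the flawed check; it is shown only so its result on the negative length can be compared with the hardened one.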
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2029
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>