Mandriva Linux Security Advisory 2010-249 - Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document. Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:249
https://www.mandriva.com/security/
_______________________________________________________________________
Package : clamav
Date : December 7, 2010
Affected: 2009.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities were discovered and corrected in clamav:
Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV
before 0.96.5 allow remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
PDF document (CVE-2010-4260, CVE-2010-4479).
Off-by-one error in the icon_cb function in pe_icons.c in libclamav
in ClamAV before 0.96.5 allows remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unspecified vectors. NOTE: some of these details
are obtained from third party information (CVE-2010-4261).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
https://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated clamav packages have been upgraded to the 0.96.5 version
that is not vulnerable to these issues.
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4479
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
9ead4a15ce0b94209cd072fdc0210d7c 2009.0/i586/clamav-0.96.5-0.1mdv2009.0.i586.rpm
f07c8219761b696e26282fa852fbe4ad 2009.0/i586/clamav-db-0.96.5-0.1mdv2009.0.i586.rpm
5f3592e1ef8bc479e8791fbf6ed1c5b1 2009.0/i586/clamav-milter-0.96.5-0.1mdv2009.0.i586.rpm
f94e7fff4f175c49da1d74a09074cc05 2009.0/i586/clamd-0.96.5-0.1mdv2009.0.i586.rpm
954bc02f355d263f29a12c450d4b057b 2009.0/i586/libclamav6-0.96.5-0.1mdv2009.0.i586.rpm
82e3c8b870a847b62a889effcf0df5ee 2009.0/i586/libclamav-devel-0.96.5-0.1mdv2009.0.i586.rpm
ecd257622ed55d4990e042c6dd381c42 2009.0/SRPMS/clamav-0.96.5-0.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
2b84bb3db11ae2b7bfc6fe48a2e07ef7 2009.0/x86_64/clamav-0.96.5-0.1mdv2009.0.x86_64.rpm
8cdd574ed24d552aef5e4d3772963fab 2009.0/x86_64/clamav-db-0.96.5-0.1mdv2009.0.x86_64.rpm
802114d391b05e7c87ab19e2178ca324 2009.0/x86_64/clamav-milter-0.96.5-0.1mdv2009.0.x86_64.rpm
04d1665b37a93391ca619930440065b7 2009.0/x86_64/clamd-0.96.5-0.1mdv2009.0.x86_64.rpm
318b41bcab46e00e28bb627090a1ba0f 2009.0/x86_64/lib64clamav6-0.96.5-0.1mdv2009.0.x86_64.rpm
7e768e6a84594437e2aa901e1e032c89 2009.0/x86_64/lib64clamav-devel-0.96.5-0.1mdv2009.0.x86_64.rpm
ecd257622ed55d4990e042c6dd381c42 2009.0/SRPMS/clamav-0.96.5-0.1mdv2009.0.src.rpm
Corporate 4.0:
f5a8398d84556589b37c7d4b83719526 corporate/4.0/i586/clamav-0.96.5-0.1.20060mlcs4.i586.rpm
2dff852878c15339603b8d90c90d02c9 corporate/4.0/i586/clamav-db-0.96.5-0.1.20060mlcs4.i586.rpm
5223406ce119a25634e7a8b9883f5c1d corporate/4.0/i586/clamav-milter-0.96.5-0.1.20060mlcs4.i586.rpm
9a05c1072414eaa6be27d4cb49c67c38 corporate/4.0/i586/clamd-0.96.5-0.1.20060mlcs4.i586.rpm
2b7b4887e66b5228d70174c7871e0557 corporate/4.0/i586/libclamav6-0.96.5-0.1.20060mlcs4.i586.rpm
fe0f1b51afd4950f5ecd118f8d780990 corporate/4.0/i586/libclamav-devel-0.96.5-0.1.20060mlcs4.i586.rpm
ee9b7ce35ad83dfec3b7ee4b68b1bafc corporate/4.0/SRPMS/clamav-0.96.5-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
00f581cf11a21be74865a9884a1f85e0 corporate/4.0/x86_64/clamav-0.96.5-0.1.20060mlcs4.x86_64.rpm
416f4b1f73a168aeac08ee2ec1b86ee2 corporate/4.0/x86_64/clamav-db-0.96.5-0.1.20060mlcs4.x86_64.rpm
6e1939794dbb2d24762323a524d8ef5a corporate/4.0/x86_64/clamav-milter-0.96.5-0.1.20060mlcs4.x86_64.rpm
df4a0f11d30599bd76978650d31bd50c corporate/4.0/x86_64/clamd-0.96.5-0.1.20060mlcs4.x86_64.rpm
e1f72491d2f168aec358f0c9779dded4 corporate/4.0/x86_64/lib64clamav6-0.96.5-0.1.20060mlcs4.x86_64.rpm
db4feea7479714e0ed63df6ece12ffa2 corporate/4.0/x86_64/lib64clamav-devel-0.96.5-0.1.20060mlcs4.x86_64.rpm
ee9b7ce35ad83dfec3b7ee4b68b1bafc corporate/4.0/SRPMS/clamav-0.96.5-0.1.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
7dbe85e2b4070fa055a58165dd5e2da1 mes5/i586/clamav-0.96.5-0.1mdvmes5.1.i586.rpm
07c0b919ab8bb87e79d285f5afa7184a mes5/i586/clamav-db-0.96.5-0.1mdvmes5.1.i586.rpm
adb539f66833633598f4d421c203d265 mes5/i586/clamav-milter-0.96.5-0.1mdvmes5.1.i586.rpm
f2170ba7bb9d2c23521b4b30dca179d8 mes5/i586/clamd-0.96.5-0.1mdvmes5.1.i586.rpm
6f0bb2908d770bebe256c4f2a49c4ece mes5/i586/libclamav6-0.96.5-0.1mdvmes5.1.i586.rpm
ebc71b9b46a18ce96e17e8982437adca mes5/i586/libclamav-devel-0.96.5-0.1mdvmes5.1.i586.rpm
98af84f0b4f58262ff09c04d21218b92 mes5/SRPMS/clamav-0.96.5-0.1mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
ddeaeacc6e3f22013125eeb5559e894d mes5/x86_64/clamav-0.96.5-0.1mdvmes5.1.x86_64.rpm
256e12003889fdb0489024bccfd84710 mes5/x86_64/clamav-db-0.96.5-0.1mdvmes5.1.x86_64.rpm
4b60cc0711c3a6d493088734cc161879 mes5/x86_64/clamav-milter-0.96.5-0.1mdvmes5.1.x86_64.rpm
a41f5bdce028d9e97e1f9eeeb4416c86 mes5/x86_64/clamd-0.96.5-0.1mdvmes5.1.x86_64.rpm
6555d6c1a3d61d39c901978732068116 mes5/x86_64/lib64clamav6-0.96.5-0.1mdvmes5.1.x86_64.rpm
61205db186f2bcd90ab37f1ba151b465 mes5/x86_64/lib64clamav-devel-0.96.5-0.1mdvmes5.1.x86_64.rpm
98af84f0b4f58262ff09c04d21218b92 mes5/SRPMS/clamav-0.96.5-0.1mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
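Added example (not part of the Mandriva advisory): for RPMs downloaded by hand instead of through MandrivaUpdate or urpmi, this shell script checks them against the MD5 list under "Updated Packages". The function names and the advisory-file and directory arguments are assumptions; MD5 only catches corrupted or mismatched files, so the package's GPG signature remains the authenticity check.

```sh
#!/bin/sh
# Added example, not Mandriva tooling. Usage (assumed): script ADVISORY.txt DIR

# extract_manifest ADVISORY
# Prints "md5 basename" for each "<32 hex chars> <path>.rpm" line. Source RPMs
# are repeated in every architecture section, so duplicates are collapsed.
extract_manifest() {
    awk 'NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && $2 ~ /\.rpm$/ {
             n = split($2, parts, "/")
             print $1, parts[n]
         }' "$1" | sort -u
}

# verify_packages ADVISORY DIR
# Checks every listed RPM that is present in DIR. Returns 0 only when at least
# one file was checked and all matched, 1 on any mismatch, and 2 when nothing
# in DIR is listed, so an empty check never reads as success.
# The ( ) body keeps the working variables out of the caller's shell.
verify_packages() (
    advisory=$1 dir=$2 checked=0 bad=0
    manifest=$(extract_manifest "$advisory")
    while read -r sum name; do
        [ -f "$dir/$name" ] || continue
        checked=$((checked + 1))
        actual=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$actual" = "$sum" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name (expected $sum, got $actual)"
            bad=$((bad + 1))
        fi
    done <<EOF
$manifest
EOF
    [ "$checked" -gt 0 ] || return 2
    [ "$bad" -eq 0 ]
)

# Run only when called with both arguments.
if [ "$#" -eq 2 ]; then
    verify_packages "$1" "$2"
fi
```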
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFM/kSrmqjQ0CJFipgRAvd7AKCoTsh6QGeDUBVNfGMnaha7cqnWmQCfc/DW
fYw0YaBk+kcUHdo3nhye7rs=
=3/8e
-----END PGP SIGNATURE-----