-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2007:098
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : clamav
 Date    : May 8, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 iDefense discovered a stack-based overflow in ClamAV when processing
 negative values in .cab files.

 Multiple file descriptor leaks were also reported and fixed in
 chmunpack.c, pdf.c, and dblock.c.

 This update provides ClamAV 0.90.2, which corrects these problems and
 provides new functionality.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1745
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1997
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2029
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGQN3vmqjQ0CJFipgRAvW0AJ41MvnKYdVhQ/88XubBD+9/ojK9CwCg81SP
VBiIWZmqOEKz0iYWl0EVTNA=
=ydtv
-----END PGP SIGNATURE-----
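
The problem description above attributes the stack-based overflow to negative values in a parsed file. The advisory does not show the affected code, so the following is an added illustration of that general bug class and its fix, not ClamAV's source: a signed length field passes an upper-bound-only check and becomes a huge copy size. The record layout, BLOCK_MAX and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_MAX 256 /* hypothetical destination buffer size */

/* Constructed sample records: 4-byte little-endian length, then data. */
static const unsigned char REC_OK[]  = { 3, 0, 0, 0, 'a', 'b', 'c' };
static const unsigned char REC_NEG[] = { 0xff, 0xff, 0xff, 0xff, 'x' }; /* length -1 */

/* Weak check: upper bound only, on a signed value. -1 passes. */
static int length_ok_weak(int32_t len) { return len <= BLOCK_MAX; }

/* What memcpy/read would receive once the signed length becomes a size_t. */
static size_t as_copy_size(int32_t len) { return (size_t)len; }

/* Hardened check: non-negative, fits the buffer, fits the remaining input. */
static int length_ok(int32_t len, size_t avail)
{
    return len >= 0 && (size_t)len <= BLOCK_MAX && (size_t)len <= avail;
}

static int32_t rd_i32le(const unsigned char *p)
{
    uint32_t u = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                 (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    int32_t s;
    memcpy(&s, &u, sizeof s); /* reinterpret bits without relying on a cast */
    return s;
}

/* Copy one record's data into out (BLOCK_MAX bytes). Returns bytes copied, or -1. */
static int copy_block(const unsigned char *in, size_t in_len, unsigned char *out)
{
    if (in_len < 4) return -1;
    int32_t len = rd_i32le(in);
    if (!length_ok(len, in_len - 4)) return -1;
    memcpy(out, in + 4, (size_t)len);
    return (int)len;
}

int main(void)
{
    unsigned char out[BLOCK_MAX];
    printf("weak check accepts -1: %d, copy size would be %zu\n",
           length_ok_weak(-1), as_copy_size(-1));
    printf("REC_NEG -> %d, REC_OK -> %d\n",
           copy_block(REC_NEG, sizeof REC_NEG, out),
           copy_block(REC_OK, sizeof REC_OK, out));
    return 0;
}
```

The weak check is only evaluated here, never used to drive a copy; copy_block always goes through the hardened check.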