-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2007:150
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : clamav
 Date    : July 25, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability in the RAR VM in ClamAV allowed user-assisted remote
 attackers to cause a crash via a crafted RAR archive which resulted in
 a NULL pointer dereference.

 Other bugs have also been corrected in 0.91.1 which is being provided
 with this update.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3725
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGp7IGmqjQ0CJFipgRAhriAKC+4jhYAgFtzMrinpv0xgx9iGYYFgCdFSQW
TQG7/bzoIJGeWikzMQr+KsA=
=kAPB
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
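
Added example, not part of the Mandriva advisory: a shell check that flags hosts still carrying ClamAV packages older than the 0.91.1 update named above. It assumes inventory lines in the `NAME VERSION` form produced by `rpm -qa --qf '%{NAME} %{VERSION}\n'`, treats every version below 0.91.1 as needing the update (the advisory does not list affected versions), and uses hypothetical function names and a constructed sample inventory.

```shell
#!/bin/sh
# Added example: flag ClamAV packages older than the 0.91.1 update.
FIXED_VERSION="0.91.1"   # version shipped by MDKSA-2007:150

# version_lt A B: succeed when dotted version A is numerically lower than B.
# (A plain string comparison would wrongly rank 0.100 below 0.91.1.)
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Drop suffixes such as "rc1"; a missing field counts as 0.
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1   # equal versions are not "lower"
}

# audit_clamav: read "NAME VERSION" lines on stdin and print each package
# named in the advisory whose version is below FIXED_VERSION.
audit_clamav() {
    while read -r name version; do
        case $name in
            clamav|clamav-db|clamav-milter|clamd|clamdmon) ;;
            libclamav2|libclamav2-devel|lib64clamav2|lib64clamav2-devel) ;;
            *) continue ;;
        esac
        if version_lt "$version" "$FIXED_VERSION"; then
            echo "$name $version"
        fi
    done
    return 0
}

# Constructed sample inventory (not real host data).
SAMPLE_INVENTORY='clamav 0.90.3
clamd 0.91.1
libclamav2 0.91
clamav-db 0.100
bash 3.1'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_clamav
# On a live system: rpm -qa --qf '%{NAME} %{VERSION}\n' | audit_clamav
```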