From security@mandriva.com Mon Jul 11 22:23:13 2005
From: Mandriva Security Team
To: full-disclosure@lists.grok.org.uk
Date: Mon, 11 Jul 2005 20:20:40 -0600
Subject: [Full-disclosure] MDKSA-2005:113 - Updated clamav packages fix vulnerability

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           clamav
 Advisory ID:            MDKSA-2005:113
 Date:                   July 11th, 2005

 Affected versions:      10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 Andrew Toller and Stefan Kanthak discovered that a flaw in libmspack's
 Quantum archive decompressor renders Clam AntiVirus vulnerable to a
 Denial of Service attack.

 The updated packages have been patched to correct the problem.
 _______________________________________________________________________

 References:

  http://sourceforge.net/project/shownotes.php?release_id=337279
 ______________________________________________________________________

 Updated Packages:

 Mandrakelinux 10.1:
  10.1/RPMS/clamav-0.81-0.3.101mdk.i586.rpm
  10.1/RPMS/clamav-db-0.81-0.3.101mdk.i586.rpm
  10.1/RPMS/clamav-milter-0.81-0.3.101mdk.i586.rpm
  10.1/RPMS/clamd-0.81-0.3.101mdk.i586.rpm
  10.1/RPMS/libclamav1-0.81-0.3.101mdk.i586.rpm
  10.1/RPMS/libclamav1-devel-0.81-0.3.101mdk.i586.rpm
  10.1/SRPMS/clamav-0.81-0.3.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
  x86_64/10.1/RPMS/clamav-0.81-0.3.101mdk.x86_64.rpm
  x86_64/10.1/RPMS/clamav-db-0.81-0.3.101mdk.x86_64.rpm
  x86_64/10.1/RPMS/clamav-milter-0.81-0.3.101mdk.x86_64.rpm
  x86_64/10.1/RPMS/clamd-0.81-0.3.101mdk.x86_64.rpm
  x86_64/10.1/RPMS/lib64clamav1-0.81-0.3.101mdk.x86_64.rpm
  x86_64/10.1/RPMS/lib64clamav1-devel-0.81-0.3.101mdk.x86_64.rpm
  x86_64/10.1/SRPMS/clamav-0.81-0.3.101mdk.src.rpm

 Mandrakelinux 10.2:
  10.2/RPMS/clamav-0.83-6.1.102mdk.i586.rpm
  10.2/RPMS/clamav-db-0.83-6.1.102mdk.i586.rpm
  10.2/RPMS/clamav-milter-0.83-6.1.102mdk.i586.rpm
  10.2/RPMS/clamd-0.83-6.1.102mdk.i586.rpm
  10.2/RPMS/libclamav1-0.83-6.1.102mdk.i586.rpm
  10.2/RPMS/libclamav1-devel-0.83-6.1.102mdk.i586.rpm
  10.2/SRPMS/clamav-0.83-6.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
  x86_64/10.2/RPMS/clamav-0.83-6.1.102mdk.x86_64.rpm
  x86_64/10.2/RPMS/clamav-db-0.83-6.1.102mdk.x86_64.rpm
  x86_64/10.2/RPMS/clamav-milter-0.83-6.1.102mdk.x86_64.rpm
  x86_64/10.2/RPMS/clamd-0.83-6.1.102mdk.x86_64.rpm
  x86_64/10.2/RPMS/lib64clamav1-0.83-6.1.102mdk.x86_64.rpm
  x86_64/10.2/RPMS/lib64clamav1-devel-0.83-6.1.102mdk.x86_64.rpm
  x86_64/10.2/SRPMS/clamav-0.83-6.1.102mdk.src.rpm

 Corporate 3.0:
  corporate/3.0/RPMS/clamav-0.81-0.3.C30mdk.i586.rpm
  corporate/3.0/RPMS/clamav-db-0.81-0.3.C30mdk.i586.rpm
  corporate/3.0/RPMS/clamav-milter-0.81-0.3.C30mdk.i586.rpm
  corporate/3.0/RPMS/clamd-0.81-0.3.C30mdk.i586.rpm
  corporate/3.0/RPMS/libclamav1-0.81-0.3.C30mdk.i586.rpm
  corporate/3.0/RPMS/libclamav1-devel-0.81-0.3.C30mdk.i586.rpm
  corporate/3.0/SRPMS/clamav-0.81-0.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
  x86_64/corporate/3.0/RPMS/clamav-0.81-0.3.C30mdk.x86_64.rpm
  x86_64/corporate/3.0/RPMS/clamav-db-0.81-0.3.C30mdk.x86_64.rpm
  x86_64/corporate/3.0/RPMS/clamav-milter-0.81-0.3.C30mdk.x86_64.rpm
  x86_64/corporate/3.0/RPMS/clamd-0.81-0.3.C30mdk.x86_64.rpm
  x86_64/corporate/3.0/RPMS/lib64clamav1-0.81-0.3.C30mdk.x86_64.rpm
  x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.81-0.3.C30mdk.x86_64.rpm
  x86_64/corporate/3.0/SRPMS/clamav-0.81-0.3.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/