exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2008-189

Mandriva Linux Security Advisory 2008-189
Posted Sep 18, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.94 release. A vulnerability in ClamAV's chm-parser allowed remote attackers to cause a denial of service (application crash) via a malformed CHM file. A vulnerability in libclamav would allow attackers to cause a denial of service via vectors related to an out-of-memory condition. Multiple memory leaks were found in ClamAV that could possibly allow attackers to cause a denial of service via excessive memory consumption. A number of unspecified vulnerabilities in ClamAV were reported that have an unknown impact and attack vectors related to file descriptor leaks. Other bugs have also been corrected in 0.94 which is being provided with this update. Because this new version has increased the major of the libclamav library, updated dependent packages are also being provided. The previous update had experimental support enabled, which caused ClamAV to report the version as 0.94-exp rather than 0.94, causing ClamAV to produce bogus warnings about the installation being outdated. This update corrects that problem.

tags | advisory, remote, denial of service, vulnerability, memory leak
systems | linux, mandriva
advisories | CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914
SHA-256 | 7fed0fc5a456da386e0f0d493038985b933c7c0ca06e6ca0f353d56bc41c15fe

Mandriva Linux Security Advisory 2008-189

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:189-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : clamav
Date : September 17, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities were discovered in ClamAV and corrected with
the 0.94 release, including:

A vulnerability in ClamAV's chm-parser allowed remote attackers to
cause a denial of service (application crash) via a malformed CHM file
(CVE-2008-1389).

A vulnerability in libclamav would allow attackers to cause a
denial of service via vectors related to an out-of-memory condition
(CVE-2008-3912).

Multiple memory leaks were found in ClamAV that could possibly allow
attackers to cause a denial of service via excessive memory consumption
(CVE-2008-3913).

A number of unspecified vulnerabilities in ClamAV were reported that
have an unknown impact and attack vectors related to file descriptor
leaks (CVE-2008-3914).

Other bugs have also been corrected in 0.94 which is being provided
with this update. Because this new version has increased the major
of the libclamav library, updated dependent packages are also being
provided.

Update:

The previous update had experimental support enabled, which caused
ClamAV to report the version as 0.94-exp rather than 0.94, causing
ClamAV to produce bogus warnings about the installation being outdated.
This update corrects that problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3914
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.1:
0a25d62f32a3c966ee9e76c432a8f66c 2007.1/i586/clamav-0.94-1.2mdv2007.1.i586.rpm
1d09a763a87cec980197a08b2f35165e 2007.1/i586/clamav-db-0.94-1.2mdv2007.1.i586.rpm
38722d74b8b0d3dc4b74fc52a54dbfb2 2007.1/i586/clamav-milter-0.94-1.2mdv2007.1.i586.rpm
89dd6d42f8589ce2875d5084cb071c9f 2007.1/i586/clamd-0.94-1.2mdv2007.1.i586.rpm
801c2876daf733a9025c10901c7405e4 2007.1/i586/libclamav5-0.94-1.2mdv2007.1.i586.rpm
33987a0962f91d2a2628d973f5d0de94 2007.1/i586/libclamav-devel-0.94-1.2mdv2007.1.i586.rpm
c99406a567c644554d94097e01f41c8d 2007.1/SRPMS/clamav-0.94-1.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
06e233d27087cd7145eb75fc9550b066 2007.1/x86_64/clamav-0.94-1.2mdv2007.1.x86_64.rpm
fbd81101cd1c69678aec16dd3d9bfb98 2007.1/x86_64/clamav-db-0.94-1.2mdv2007.1.x86_64.rpm
e63b3498b5bb80f7072a10bad3151635 2007.1/x86_64/clamav-milter-0.94-1.2mdv2007.1.x86_64.rpm
7d921405d8a9c644485fc9678c82d8ca 2007.1/x86_64/clamd-0.94-1.2mdv2007.1.x86_64.rpm
1e59d172b59333bc6be9ae19a7ff048c 2007.1/x86_64/lib64clamav5-0.94-1.2mdv2007.1.x86_64.rpm
535fa5c7bd6c3fd47395646eacb981fc 2007.1/x86_64/lib64clamav-devel-0.94-1.2mdv2007.1.x86_64.rpm
c99406a567c644554d94097e01f41c8d 2007.1/SRPMS/clamav-0.94-1.2mdv2007.1.src.rpm

Mandriva Linux 2008.0:
1f635668a04c527f0d28e7c91a052b6c 2008.0/i586/clamav-0.94-1.2mdv2008.0.i586.rpm
7fbbe9d76f899b145c8b09c249f3ffb6 2008.0/i586/clamav-db-0.94-1.2mdv2008.0.i586.rpm
ee15c45dfb4a21cf06ed93909bc414c7 2008.0/i586/clamav-milter-0.94-1.2mdv2008.0.i586.rpm
f85888d63c8cc6e9dd5a869e002af304 2008.0/i586/clamd-0.94-1.2mdv2008.0.i586.rpm
b0f807f3a60eae7832948cd6dd8e3a85 2008.0/i586/libclamav5-0.94-1.2mdv2008.0.i586.rpm
bbd10195c02e49e2261e2860766f48d9 2008.0/i586/libclamav-devel-0.94-1.2mdv2008.0.i586.rpm
da6badadd19fe759da6f97acf6dde724 2008.0/SRPMS/clamav-0.94-1.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
e0748f08124aa8fc792518365100fed4 2008.0/x86_64/clamav-0.94-1.2mdv2008.0.x86_64.rpm
0827a1bce7f2c1c9467a1f5994fdfd7a 2008.0/x86_64/clamav-db-0.94-1.2mdv2008.0.x86_64.rpm
04b1282f274807a33ad263df59b4389b 2008.0/x86_64/clamav-milter-0.94-1.2mdv2008.0.x86_64.rpm
7a33a3c2d8df1302961357c33f31aa01 2008.0/x86_64/clamd-0.94-1.2mdv2008.0.x86_64.rpm
224ef1a262ba636eebde7b6c6546193b 2008.0/x86_64/lib64clamav5-0.94-1.2mdv2008.0.x86_64.rpm
15a54bf32c973541f1a8735b5903a847 2008.0/x86_64/lib64clamav-devel-0.94-1.2mdv2008.0.x86_64.rpm
da6badadd19fe759da6f97acf6dde724 2008.0/SRPMS/clamav-0.94-1.2mdv2008.0.src.rpm

Mandriva Linux 2008.1:
f1defff29a6d692f2913edc7840c89b5 2008.1/i586/clamav-0.94-1.2mdv2008.1.i586.rpm
ffd2188b88f3ce2af39a8e2d02f70307 2008.1/i586/clamav-db-0.94-1.2mdv2008.1.i586.rpm
a855ea77c14c21d0b08a6f35fbc431cf 2008.1/i586/clamav-milter-0.94-1.2mdv2008.1.i586.rpm
6d040d3d0906012d3c6bf41d0ce6e3c1 2008.1/i586/clamd-0.94-1.2mdv2008.1.i586.rpm
4adf8469ae3d38f690460cc3ef89ddb7 2008.1/i586/libclamav5-0.94-1.2mdv2008.1.i586.rpm
fa13d072d57822120067452f2bc2d47c 2008.1/i586/libclamav-devel-0.94-1.2mdv2008.1.i586.rpm
d78d086eb67f6d0d1c13e13a4174e877 2008.1/SRPMS/clamav-0.94-1.2mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
a9c4faa916ea297fa29e242bab8dd110 2008.1/x86_64/clamav-0.94-1.2mdv2008.1.x86_64.rpm
3e6928a776118f41c2859518279d054c 2008.1/x86_64/clamav-db-0.94-1.2mdv2008.1.x86_64.rpm
e4109c12e3abfb8cf3e2a27d074aa4ba 2008.1/x86_64/clamav-milter-0.94-1.2mdv2008.1.x86_64.rpm
ab64deee18ef690dad6cd4bd623a92cf 2008.1/x86_64/clamd-0.94-1.2mdv2008.1.x86_64.rpm
2c5f8ddb78d43e40560a3d00a66d4b6f 2008.1/x86_64/lib64clamav5-0.94-1.2mdv2008.1.x86_64.rpm
5e84438f5e1ce2e5a54e0c84c2ddc638 2008.1/x86_64/lib64clamav-devel-0.94-1.2mdv2008.1.x86_64.rpm
d78d086eb67f6d0d1c13e13a4174e877 2008.1/SRPMS/clamav-0.94-1.2mdv2008.1.src.rpm

Corporate 3.0:
f9ebd8551b792fb9eb74af864cdc358f corporate/3.0/i586/clamav-0.94-0.2.C30mdk.i586.rpm
6591ae6e2d0344ef711ad3adb35f1280 corporate/3.0/i586/clamav-db-0.94-0.2.C30mdk.i586.rpm
a52d8773f590d90105fcdbce90ea49f7 corporate/3.0/i586/clamav-milter-0.94-0.2.C30mdk.i586.rpm
d433e471fdc1b4b3c89374af62222053 corporate/3.0/i586/clamd-0.94-0.2.C30mdk.i586.rpm
19608ef8cfdbb2784bf7deae90c67bbe corporate/3.0/i586/libclamav5-0.94-0.2.C30mdk.i586.rpm
ea06cf7a5ce38bfb4e543fecf8fabdd5 corporate/3.0/i586/libclamav-devel-0.94-0.2.C30mdk.i586.rpm
4b1e8ef2379e85f21551f95a94f1a8e5 corporate/3.0/SRPMS/clamav-0.94-0.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
8a2a43d7821522d700bb3f63c966a104 corporate/3.0/x86_64/clamav-0.94-0.2.C30mdk.x86_64.rpm
604d398be060c7f431a792b4d0757a8b corporate/3.0/x86_64/clamav-db-0.94-0.2.C30mdk.x86_64.rpm
b122a52e8e55edcf92ab86eb9ee3610c corporate/3.0/x86_64/clamav-milter-0.94-0.2.C30mdk.x86_64.rpm
0c3467a14808f500debc3cc942567263 corporate/3.0/x86_64/clamd-0.94-0.2.C30mdk.x86_64.rpm
65b9975e084064ce95106e50e2fd4f4e corporate/3.0/x86_64/lib64clamav5-0.94-0.2.C30mdk.x86_64.rpm
c8ab52b74b1588aecb8154dfa3f5d648 corporate/3.0/x86_64/lib64clamav-devel-0.94-0.2.C30mdk.x86_64.rpm
4b1e8ef2379e85f21551f95a94f1a8e5 corporate/3.0/SRPMS/clamav-0.94-0.2.C30mdk.src.rpm

Corporate 4.0:
ac6b9ccf86d24c75378af4b6d9ebc7ae corporate/4.0/i586/clamav-0.94-0.2.20060mlcs4.i586.rpm
277a27113deb3918357f23cc22f0be03 corporate/4.0/i586/clamav-db-0.94-0.2.20060mlcs4.i586.rpm
030871f92c0a0810ce1d6ebef3b79281 corporate/4.0/i586/clamav-milter-0.94-0.2.20060mlcs4.i586.rpm
62928c90ddc3231a74dd4d22e5b978b2 corporate/4.0/i586/clamd-0.94-0.2.20060mlcs4.i586.rpm
361666d642f123a6753432feb4929903 corporate/4.0/i586/libclamav5-0.94-0.2.20060mlcs4.i586.rpm
52cda54b2fa72df9117f6a6948583ee6 corporate/4.0/i586/libclamav-devel-0.94-0.2.20060mlcs4.i586.rpm
7021edb359916cfa3fb30543ea370aa8 corporate/4.0/SRPMS/clamav-0.94-0.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
68ac788288dc16c43fc223df3899917b corporate/4.0/x86_64/clamav-0.94-0.2.20060mlcs4.x86_64.rpm
de6d27c00958e9bdd0d66ff43f97ee10 corporate/4.0/x86_64/clamav-db-0.94-0.2.20060mlcs4.x86_64.rpm
b0a7ba23f28b62c17306479d64ad6a22 corporate/4.0/x86_64/clamav-milter-0.94-0.2.20060mlcs4.x86_64.rpm
fdf85b763af44d15efe62a5b65c2c381 corporate/4.0/x86_64/clamd-0.94-0.2.20060mlcs4.x86_64.rpm
247599c92852bba5467f544f3aac0e2b corporate/4.0/x86_64/lib64clamav5-0.94-0.2.20060mlcs4.x86_64.rpm
46f8956577297aff1086ecdf1b19209b corporate/4.0/x86_64/lib64clamav-devel-0.94-0.2.20060mlcs4.x86_64.rpm
7021edb359916cfa3fb30543ea370aa8 corporate/4.0/SRPMS/clamav-0.94-0.2.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFI0T3umqjQ0CJFipgRAsxbAJwLv/XtQ4i4u9Ub3e1weYDutjKwQQCfcpP/
hg0ASUdC8aRKpTDiW8eOW9A=
=zpXC
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close