FrSIRT - Mandriva Security Update Fixes ClamAV Multiple Remote Denial of Service Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Mandriva Security Update Fixes ClamAV Multiple Remote Denial of Service Vulnerabilities

Title : Mandriva Security Update Fixes ClamAV Multiple Remote Denial of Service Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-0657
CVE ID : CVE-2007-0897 - CVE-2007-0898
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-20

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Mandriva has released security updates to address multiple vulnerabilities identified in ClamAV [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2006.0:
d478e8184aac28373be2bd287cbeae73 2006.0/i586/clamav-0.90-0.1.20060mdk.i586.rpm
fd08410e04bfac99c4ebb3423f8a212f 2006.0/i586/clamav-db-0.90-0.1.20060mdk.i586.rpm
26e74832cb99e2284f06debabea7a163 2006.0/i586/clamav-milter-0.90-0.1.20060mdk.i586.rpm
49c12cdd69b9ff06f2c3f382ef9424f5 2006.0/i586/clamd-0.90-0.1.20060mdk.i586.rpm
e8671b979de6801bf6a9f88f2f514aa3 2006.0/i586/libclamav1-0.90-0.1.20060mdk.i586.rpm
484447c8ce4d5d0a38940df71ac181fc 2006.0/i586/libclamav1-devel-0.90-0.1.20060mdk.i586.rpm
73b2ff74a1eab49ecc30e8f4fb247bf2 2006.0/SRPMS/clamav-0.90-0.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
d0358166c006dc52593c58a00335ede6 2006.0/x86_64/clamav-0.90-0.1.20060mdk.x86_64.rpm
b7b96b59800f61f9772c8ff5d2c1e174 2006.0/x86_64/clamav-db-0.90-0.1.20060mdk.x86_64.rpm
c0c59ceed196d27d9f6cf957197c82c5 2006.0/x86_64/clamav-milter-0.90-0.1.20060mdk.x86_64.rpm
212ca37f1506c9283a7a47a94b05761c 2006.0/x86_64/clamd-0.90-0.1.20060mdk.x86_64.rpm
0e807be53a70992133fffcace4ecaba9 2006.0/x86_64/lib64clamav1-0.90-0.1.20060mdk.x86_64.rpm
ebd04ff90f10621837c1fcddb357293c 2006.0/x86_64/lib64clamav1-devel-0.90-0.1.20060mdk.x86_64.rpm
73b2ff74a1eab49ecc30e8f4fb247bf2 2006.0/SRPMS/clamav-0.90-0.1.20060mdk.src.rpm

Mandriva Linux 2007.0:
05b57b655873d037cd93ecef3f439e4a 2007.0/i586/clamav-0.90-1.1mdv2007.0.i586.rpm
4c894ca77de3bb764bf001df5fe456d0 2007.0/i586/clamav-db-0.90-1.1mdv2007.0.i586.rpm
a79763ed46f52df012cda91ae15c24bc 2007.0/i586/clamav-milter-0.90-1.1mdv2007.0.i586.rpm
ac617c55ee7fc187bb763b4f422b45f4 2007.0/i586/clamd-0.90-1.1mdv2007.0.i586.rpm
1f560e10b9f5263a406b5682f8df20b3 2007.0/i586/libclamav1-0.90-1.1mdv2007.0.i586.rpm
83492cb6e36b01f82c3772270af81d71 2007.0/i586/libclamav1-devel-0.90-1.1mdv2007.0.i586.rpm
e14099005151cb6cd06527348ea9f5f2 2007.0/SRPMS/clamav-0.90-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
833fa03ec7207b9908c0b3fca554dd49 2007.0/x86_64/clamav-0.90-1.1mdv2007.0.x86_64.rpm
29909e2d73531f75750c02c025f91dcb 2007.0/x86_64/clamav-db-0.90-1.1mdv2007.0.x86_64.rpm
2527cf8b432dc7b5ad6ba3fd427724bd 2007.0/x86_64/clamav-milter-0.90-1.1mdv2007.0.x86_64.rpm
fc2b6a8a934e88d93debdd644f4eefef 2007.0/x86_64/clamd-0.90-1.1mdv2007.0.x86_64.rpm
ee89752f5b5875e5ac5afd7ad4293b32 2007.0/x86_64/lib64clamav1-0.90-1.1mdv2007.0.x86_64.rpm
81d17f067619437526190b953e0c5206 2007.0/x86_64/lib64clamav1-devel-0.90-1.1mdv2007.0.x86_64.rpm
e14099005151cb6cd06527348ea9f5f2 2007.0/SRPMS/clamav-0.90-1.1mdv2007.0.src.rpm

Corporate 3.0:
ad2dff0bec17856884d0ccecc18df652 corporate/3.0/i586/clamav-0.90-0.1.C30mdk.i586.rpm
cb9cca92b34fb2e6e5709f4d9b3de0ad corporate/3.0/i586/clamav-db-0.90-0.1.C30mdk.i586.rpm
c8b968b8629b8d422c5aeef49da5fab2 corporate/3.0/i586/clamav-milter-0.90-0.1.C30mdk.i586.rpm
a10a5abcea78a66e11b8e2e8dfb8fa04 corporate/3.0/i586/clamd-0.90-0.1.C30mdk.i586.rpm
0b1cd6e53f293f2d143fa0e79fd4cc8b corporate/3.0/i586/libclamav1-0.90-0.1.C30mdk.i586.rpm
232b55ab3ffc888aca0d2a1915a8b106 corporate/3.0/i586/libclamav1-devel-0.90-0.1.C30mdk.i586.rpm
b19bb5df0c8520ddfa501beac3b12381 corporate/3.0/SRPMS/clamav-0.90-0.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
2800e661cd096538f393c8eed9cbe6e2 corporate/3.0/x86_64/clamav-0.90-0.1.C30mdk.x86_64.rpm
dfe0fc52a7f9efc5fd2be2e525996414 corporate/3.0/x86_64/clamav-db-0.90-0.1.C30mdk.x86_64.rpm
591678a80c4d873b9dbd3045f4b837cb corporate/3.0/x86_64/clamav-milter-0.90-0.1.C30mdk.x86_64.rpm
59e310e76b51ce87e9c3d2eba11b41f8 corporate/3.0/x86_64/clamd-0.90-0.1.C30mdk.x86_64.rpm
954ba4e79a8e259583c236d1e8922559 corporate/3.0/x86_64/lib64clamav1-0.90-0.1.C30mdk.x86_64.rpm
cc685b342368205402fd7e33dbb8ed0c corporate/3.0/x86_64/lib64clamav1-devel-0.90-0.1.C30mdk.x86_64.rpm
b19bb5df0c8520ddfa501beac3b12381 corporate/3.0/SRPMS/clamav-0.90-0.1.C30mdk.src.rpm

Corporate 4.0:
e50bb43342dd1406dbf6066827e898fb corporate/4.0/i586/clamav-0.90-0.1.20060mlcs4.i586.rpm
b0c3b10edb2e890a713598f565a13555 corporate/4.0/i586/clamav-db-0.90-0.1.20060mlcs4.i586.rpm
b54c220f936aac40dff2a784637884d9 corporate/4.0/i586/clamav-milter-0.90-0.1.20060mlcs4.i586.rpm
e5c2f70f08edd228c352aa4349a43582 corporate/4.0/i586/clamd-0.90-0.1.20060mlcs4.i586.rpm
1aa94968f937436a168d9b33c3046fcc corporate/4.0/i586/libclamav1-0.90-0.1.20060mlcs4.i586.rpm
5c9a6917fc3b83c7a96d24532df37351 corporate/4.0/i586/libclamav1-devel-0.90-0.1.20060mlcs4.i586.rpm
772099a75eb5a6ee2949af173b9e1b51 corporate/4.0/SRPMS/clamav-0.90-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
76a2be1b4cf681342a3d5993f330e189 corporate/4.0/x86_64/clamav-0.90-0.1.20060mlcs4.x86_64.rpm
5e17ee07795168e109e6956ef98348d3 corporate/4.0/x86_64/clamav-db-0.90-0.1.20060mlcs4.x86_64.rpm
6d361ea87425a4b297e6245eee216a30 corporate/4.0/x86_64/clamav-milter-0.90-0.1.20060mlcs4.x86_64.rpm
a0ee52c4f866b104bc89a337ae4a5fb4 corporate/4.0/x86_64/clamd-0.90-0.1.20060mlcs4.x86_64.rpm
5f81def8296e37bc2a9a1aa818431362 corporate/4.0/x86_64/lib64clamav1-0.90-0.1.20060mlcs4.x86_64.rpm
580883088be552b2c9eea7634e16622f corporate/4.0/x86_64/lib64clamav1-devel-0.90-0.1.20060mlcs4.x86_64.rpm
772099a75eb5a6ee2949af173b9e1b51 corporate/4.0/SRPMS/clamav-0.90-0.1.20060mlcs4.src.rpm

ChangeLog

2007-02-20 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Cisco UCM SIP Remote Denial of Service
	Cisco IOS Denial of Service and Security Bypass Vulnerabilities
	Cisco PIX and ASA Information Disclosure and DoS Vulnerabilities
	Cisco Secure ACS EAP Remote Denial Of Service Vulnerability
	Cisco Products Remote DNS Cache Poisoning Vulnerability
	Cisco Wide Area Application Services CUPS Remote Vulnerability
	Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities

	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities
	Apple QuickTime Multiple Remote Code Execution Vulnerabilities
	Apple iTunes Driver Integer Overflow Privilege Escalation Vulnerability
	Apple iPod touch Code Execution and Security Bypass Vulnerabilities
	Apple Bonjour for Windows DNS Spoofing and DoS Vulnerabilities

	Mozilla Products Code Execution and Security Bypass Vulnerabilities
	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues