Date: 08 December 2010
References: ESB-2010.1179 ESB-2011.0314
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2010.1106
Multiple vulnerabilities were discovered and corrected in clamav
8 December 2010
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:           clamav
Publisher:         Mandriva
Operating System:  Mandriva Linux
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2010-4479 CVE-2010-4261 CVE-2010-4260
Original Bulletin: http://www.linuxsecurity.com/content/view/153879?rdf
Comment: This advisory references vulnerabilities in products which run on
         platforms other than Mandriva. It is recommended that administrators
         running clamav check for an updated version of the software for
         their operating system.
--------------------------BEGIN INCLUDED TEXT--------------------
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:249
http://www.mandriva.com/security/
_______________________________________________________________________
Package : clamav
Date : December 7, 2010
Affected: 2009.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities were discovered and corrected in clamav:
Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV
before 0.96.5 allow remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
PDF document (CVE-2010-4260, CVE-2010-4479).
Off-by-one error in the icon_cb function in pe_icons.c in libclamav
in ClamAV before 0.96.5 allows remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unspecified vectors. NOTE: some of these details
are obtained from third party information (CVE-2010-4261).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated clamav packages have been upgraded to the 0.96.5 version
that is not vulnerable to these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4479
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
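For administrators who fetch the packages by hand instead of through urpmi, the two checks the advisory says are automated can be reproduced as follows. This is an added example, not part of the Mandriva or AusCERT text: it verifies local files against an advisory-style "<md5> <relative path>" list and gates on the fixed version 0.96.5 named above; the sample file and its checksum are constructed in the test, and the md5 match is an integrity check only, the GPG signature on the RPM (rpm --checksig) remains the authenticity check.

```shell
#!/bin/sh
# Added example (not from the advisory). Assumes GNU md5sum is available.

# Verify every "<md5> <relative path>" line of list file $1 against files
# under directory $2. Prints one OK/FAIL/MISSING line per entry and
# returns 0 only when every listed file is present and matches.
verify_advisory_md5s() {
    list=$1; base=$2; status=0
    while read -r sum path; do
        [ -n "$sum" ] || continue          # skip blank lines
        f="$base/$path"
        if [ ! -f "$f" ]; then
            echo "MISSING $path"; status=1; continue
        fi
        actual=$(md5sum "$f" | cut -d' ' -f1)
        if [ "$actual" = "$sum" ]; then
            echo "OK $path"
        else
            echo "FAIL $path"; status=1
        fi
    done < "$list"
    return $status
}

# Return 0 if dotted numeric version $1 is greater than or equal to $2.
# Missing trailing components count as 0, so 0.96 < 0.96.5.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Return 0 (and say so) when the installed clamav version $1 is still
# below the fixed release 0.96.5 from the advisory.
# On a real host: needs_update "$(rpm -q --qf '%{VERSION}' clamav)"
needs_update() {
    if version_ge "$1" 0.96.5; then
        echo "clamav $1: fixed release or later"; return 1
    fi
    echo "clamav $1: vulnerable, upgrade to 0.96.5"; return 0
}
```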
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
--------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----