LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 17th, 2014
Linux Security Week: October 13th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated clamav packages fix vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake The latest version of ClamAV, 0.88.7, fixes some bugs, including vulnerabilities with handling base64-encoded MIME attachment files that can lead to either a) a crash (CVE-2006-5874), or b) a bypass of virus detection (CVE-2006-6406).
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:230
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : clamav
 Date    : December 13, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 The latest version of ClamAV, 0.88.7, fixes some bugs, including
 vulnerabilities with handling base64-encoded MIME attachment files that
 can lead to either a) a crash (CVE-2006-5874), or b) a bypass of virus
 detection (CVE-2006-6406).

 As well, a vulnerability was discovered that allows remote attackers to
 cause a stack overflow and application crash by wrapping many layers of
 multipart/mixed content around a document (CVE-2006-6481).

 The latest ClamAV is being provided to address these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5874
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6406
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6481
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 b62b980e893f31cb4a1868bf654111b1  2006.0/i586/clamav-0.88.7-0.1.20060mdk.i586.rpm
 45224507b6eb7548d77d350e49b779bf  2006.0/i586/clamav-db-0.88.7-0.1.20060mdk.i586.rpm
 2839e6db4e043c8c5f30242073fd463a  2006.0/i586/clamav-milter-0.88.7-0.1.20060mdk.i586.rpm
 1efab3d20fc9a3ee591bca6cd911f432  2006.0/i586/clamd-0.88.7-0.1.20060mdk.i586.rpm
 a02b321e3540dc8746568ceb89978d8a  2006.0/i586/libclamav1-0.88.7-0.1.20060mdk.i586.rpm
 a2a63b58aa4799427b10b2ef3df0312a  2006.0/i586/libclamav1-devel-0.88.7-0.1.20060mdk.i586.rpm 
 d0eec42b243ddf7adf64cf64d1220381  2006.0/SRPMS/clamav-0.88.7-0.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 c82c856996f6916e538ad1d8108f32ff  2006.0/x86_64/clamav-0.88.7-0.1.20060mdk.x86_64.rpm
 c14d9d0ff168241afaed73f5835b1e76  2006.0/x86_64/clamav-db-0.88.7-0.1.20060mdk.x86_64.rpm
 501ae197ee84e3a9b791bab78e27d744  2006.0/x86_64/clamav-milter-0.88.7-0.1.20060mdk.x86_64.rpm
 795e8d155a0b93f3854c2a454f265cbd  2006.0/x86_64/clamd-0.88.7-0.1.20060mdk.x86_64.rpm
 94d70db54cb3129082c5c30d294368d9  2006.0/x86_64/lib64clamav1-0.88.7-0.1.20060mdk.x86_64.rpm
 d130298465adc84967cc4b2f00b7e3ba  2006.0/x86_64/lib64clamav1-devel-0.88.7-0.1.20060mdk.x86_64.rpm 
 d0eec42b243ddf7adf64cf64d1220381  2006.0/SRPMS/clamav-0.88.7-0.1.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 96ed9d67bba561245f73cc69596c4d47  2007.0/i586/clamav-0.88.7-1.1mdv2007.0.i586.rpm
 3b0d3b89b0507b6a8c65b675a0fbb67b  2007.0/i586/clamav-db-0.88.7-1.1mdv2007.0.i586.rpm
 31a67792b8319f86c1a48d82c78c06a0  2007.0/i586/clamav-milter-0.88.7-1.1mdv2007.0.i586.rpm
 3277aa7171b3e4d05d03d7ee7d1c0ed4  2007.0/i586/clamd-0.88.7-1.1mdv2007.0.i586.rpm
 c25960475a4606bbd910a0200e4cf53f  2007.0/i586/libclamav1-0.88.7-1.1mdv2007.0.i586.rpm
 265ac03db8213dd9bfca2723b300a763  2007.0/i586/libclamav1-devel-0.88.7-1.1mdv2007.0.i586.rpm 
 6a4400d492a1a960b8d92f00552d7d18  2007.0/SRPMS/clamav-0.88.7-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 88d6558eaedc651f5997a25a303079a5  2007.0/x86_64/clamav-0.88.7-1.1mdv2007.0.x86_64.rpm
 78e4cd526a8622b6e12f84fa4ae3d6d0  2007.0/x86_64/clamav-db-0.88.7-1.1mdv2007.0.x86_64.rpm
 61e1966f5630a939136957d82acbb4c6  2007.0/x86_64/clamav-milter-0.88.7-1.1mdv2007.0.x86_64.rpm
 9d19aefac34f54e499c36733eca73111  2007.0/x86_64/clamd-0.88.7-1.1mdv2007.0.x86_64.rpm
 bdf0b48ad7b2afb5aa17b57f42482cf8  2007.0/x86_64/lib64clamav1-0.88.7-1.1mdv2007.0.x86_64.rpm
 2cd6d0d8d721cf027d0e2bcaebc34cbc  2007.0/x86_64/lib64clamav1-devel-0.88.7-1.1mdv2007.0.x86_64.rpm 
 6a4400d492a1a960b8d92f00552d7d18  2007.0/SRPMS/clamav-0.88.7-1.1mdv2007.0.src.rpm

 Corporate 3.0:
 feaa3bc3bf4a008ebe28be198d00fdf3  corporate/3.0/i586/clamav-0.88.7-0.1.C30mdk.i586.rpm
 07d17cdbf4f6037211a6ccd8fa19dacb  corporate/3.0/i586/clamav-db-0.88.7-0.1.C30mdk.i586.rpm
 86d5d1ba6a021918dfec382d363f1b6c  corporate/3.0/i586/clamav-milter-0.88.7-0.1.C30mdk.i586.rpm
 cd6b3538836b38a4280bc87b8973622f  corporate/3.0/i586/clamd-0.88.7-0.1.C30mdk.i586.rpm
 9267bc8bfe596439de8886223bad26e9  corporate/3.0/i586/libclamav1-0.88.7-0.1.C30mdk.i586.rpm
 4682ad4e008c5ce93429034abe40d5d6  corporate/3.0/i586/libclamav1-devel-0.88.7-0.1.C30mdk.i586.rpm 
 98f8117362b50ca3e775894d45a5fcfb  corporate/3.0/SRPMS/clamav-0.88.7-0.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 cfa59847b3868d67dac9c61ce07a310d  corporate/3.0/x86_64/clamav-0.88.7-0.1.C30mdk.x86_64.rpm
 53d4c93840bb02b1092b2a8122e555e5  corporate/3.0/x86_64/clamav-db-0.88.7-0.1.C30mdk.x86_64.rpm
 893ef35e464ef5e9b1f7bad7ce1b1842  corporate/3.0/x86_64/clamav-milter-0.88.7-0.1.C30mdk.x86_64.rpm
 dfa01a642a5b00c298a6bd85a82d7a5d  corporate/3.0/x86_64/clamd-0.88.7-0.1.C30mdk.x86_64.rpm
 0ee7a5c70a4f3d2e01e19a3abda229fb  corporate/3.0/x86_64/lib64clamav1-0.88.7-0.1.C30mdk.x86_64.rpm
 7007fdd4b7c038c85947cda87c5262d3  corporate/3.0/x86_64/lib64clamav1-devel-0.88.7-0.1.C30mdk.x86_64.rpm 
 98f8117362b50ca3e775894d45a5fcfb  corporate/3.0/SRPMS/clamav-0.88.7-0.1.C30mdk.src.rpm

 Corporate 4.0:
 1fc7dc3770ca0a6aa16c6213d5d19fcc  corporate/4.0/i586/clamav-0.88.7-0.1.20060mlcs4.i586.rpm
 aa5259c487956b9de144fe12710f3f1c  corporate/4.0/i586/clamav-db-0.88.7-0.1.20060mlcs4.i586.rpm
 15fca428565d2dd9f2c169359826a95a  corporate/4.0/i586/clamav-milter-0.88.7-0.1.20060mlcs4.i586.rpm
 6a2ad1ede1e2d686c6d894e8c8b1e441  corporate/4.0/i586/clamd-0.88.7-0.1.20060mlcs4.i586.rpm
 87a1ad35fa480c91a769351bb9571698  corporate/4.0/i586/libclamav1-0.88.7-0.1.20060mlcs4.i586.rpm
 1c3f598674665c6c399e7799103dc4b7  corporate/4.0/i586/libclamav1-devel-0.88.7-0.1.20060mlcs4.i586.rpm 
 bbbd149e943f327577eba98d7c5dce0a  corporate/4.0/SRPMS/clamav-0.88.7-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 5941452de407b4f4d0e5631d57cea1b8  corporate/4.0/x86_64/clamav-0.88.7-0.1.20060mlcs4.x86_64.rpm
 86dca13c238afc9ccb7683542ad12b44  corporate/4.0/x86_64/clamav-db-0.88.7-0.1.20060mlcs4.x86_64.rpm
 249703cc4d464ef85067b4659d0e6757  corporate/4.0/x86_64/clamav-milter-0.88.7-0.1.20060mlcs4.x86_64.rpm
 bf8037a275cf6e28a1a1227b5a9e5777  corporate/4.0/x86_64/clamd-0.88.7-0.1.20060mlcs4.x86_64.rpm
 7b507bda94614b3f4547415df052af0f  corporate/4.0/x86_64/lib64clamav1-0.88.7-0.1.20060mlcs4.x86_64.rpm
 2778dd446bbd8b0e7f8e756bd8d8634f  corporate/4.0/x86_64/lib64clamav1-devel-0.88.7-0.1.20060mlcs4.x86_64.rpm 
 bbbd149e943f327577eba98d7c5dce0a  corporate/4.0/SRPMS/clamav-0.88.7-0.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
The Hacktivist as Angry Young Man
The Hacker Wars Hits NYC
CAINE Linux Distribution Helps Investigators With Forensic Analysis
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.