Mandriva: Subject: [Security Announce] [ MDVSA-2008:239 ] clamav
Posted by Benjamin D. Thomas   
Ilja van Sprundel found that ClamAV contained a denial of service vulnerability in its handling of JPEG files: it did not limit the recursion depth when processing JPEG thumbnails (CVE-2008-5314). Other bugs have also been corrected in 0.94.2, which is provided with this update.
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:239
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : clamav
 Date    : December 5, 2008
 Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Ilja van Sprundel found that ClamAV contained a denial of service
 vulnerability in its handling of JPEG files: it did not limit the
 recursion depth when processing JPEG thumbnails (CVE-2008-5314).
 
 Other bugs have also been corrected in 0.94.2, which is provided
 with this update.
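
 Added example (not part of the Mandriva advisory and not ClamAV's code): a scanner that recurses into embedded thumbnails and refuses to go past a fixed depth, which is the class of check whose absence the advisory describes. The segment layout, the names scan_image and build_nested, and the cap of 4 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define MAX_THUMB_DEPTH 4u   /* assumed cap for this example */
enum { SCAN_OK = 0, SCAN_MALFORMED = -1, SCAN_TOO_DEEP = -2 };

/* Toy layout (constructed here): 0xFF, type, 2-byte big-endian payload length,
 * payload. 'T' holds a nested image (thumbnail), 'E' ends it, others skip. */
static int scan_image(const uint8_t *buf, size_t len, unsigned depth)
{
    size_t off = 0;
    if (depth > MAX_THUMB_DEPTH)
        return SCAN_TOO_DEEP;            /* stop before the stack runs out */
    while (len - off >= 4) {
        uint8_t type = buf[off + 1];
        size_t plen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        if (buf[off] != 0xFF || plen > len - off - 4)
            return SCAN_MALFORMED;       /* bad marker or length past buffer */
        off += 4;
        if (type == 'E')
            return SCAN_OK;
        if (type == 'T') {               /* thumbnail: scan it one level down */
            int rc = scan_image(buf + off, plen, depth + 1);
            if (rc != SCAN_OK)
                return rc;
        }
        off += plen;
    }
    return off == len ? SCAN_OK : SCAN_MALFORMED;
}

/* Constructed sample: `levels` thumbnails nested inside one another. */
static size_t build_nested(uint8_t *out, size_t cap, unsigned levels)
{
    size_t total = 4 * ((size_t)levels + 1);
    if (total > cap || total > 0xFFFF)
        return 0;
    for (size_t i = 0; i <= levels; i++) {
        size_t inner = total - 4 * (i + 1);   /* bytes after this header */
        out[4 * i] = 0xFF; out[4 * i + 1] = i < levels ? 'T' : 'E';
        out[4 * i + 2] = (uint8_t)(inner >> 8); out[4 * i + 3] = (uint8_t)inner;
    }
    return total;
}

int main(void)
{
    static uint8_t buf[8192];
    return scan_image(buf, build_nested(buf, sizeof buf, 1000), 0) == SCAN_TOO_DEEP ? 0 : 1;
}
```

 Returning a distinct status for the depth limit lets the caller report the file as suspicious rather than crash or silently pass it.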
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5314
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 76beab75d863d50bba121d855c9b438b  2008.0/i586/clamav-0.94.2-1.1mdv2008.0.i586.rpm
 4fd30d06eaae9dd3485d1029b785b5d1  2008.0/i586/clamav-db-0.94.2-1.1mdv2008.0.i586.rpm
 3293ae92542961c7aff1270321e42c64  2008.0/i586/clamd-0.94.2-1.1mdv2008.0.i586.rpm
 edf97df009a6670637d9259e93e8fa4d  2008.0/i586/libclamav5-0.94.2-1.1mdv2008.0.i586.rpm
 a6c8e64a377e3cffe859fa1b9c369ccf  2008.0/i586/libclamav-devel-0.94.2-1.1mdv2008.0.i586.rpm 
 ad2a6c0a833e798109f7dafefe845c6b  2008.0/SRPMS/clamav-0.94.2-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 9be0855b803f6772371c94e613e609cc  2008.0/x86_64/clamav-0.94.2-1.1mdv2008.0.x86_64.rpm
 d61d7b9cdc5418209da894c1d557dc2f  2008.0/x86_64/clamav-db-0.94.2-1.1mdv2008.0.x86_64.rpm
 51fd1abb8528865ff3930dfbc497293f  2008.0/x86_64/clamd-0.94.2-1.1mdv2008.0.x86_64.rpm
 024a6a575ca469dc3f3044e50ff82611  2008.0/x86_64/lib64clamav5-0.94.2-1.1mdv2008.0.x86_64.rpm
 986d1b076adf3bed18a37fb7ffbb938b  2008.0/x86_64/lib64clamav-devel-0.94.2-1.1mdv2008.0.x86_64.rpm 
 ad2a6c0a833e798109f7dafefe845c6b  2008.0/SRPMS/clamav-0.94.2-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 cc37662a9b26623fbacdd49f6bd552f1  2008.1/i586/clamav-0.94.2-1.1mdv2008.1.i586.rpm
 447c0735aa918d5c8ba9dc603a830e84  2008.1/i586/clamav-db-0.94.2-1.1mdv2008.1.i586.rpm
 612c1311f2ec78ea72a821fcb5f69e9e  2008.1/i586/clamd-0.94.2-1.1mdv2008.1.i586.rpm
 d1cda95e0b38da35f601a21adf8a83ea  2008.1/i586/libclamav5-0.94.2-1.1mdv2008.1.i586.rpm
 e6debecc5127af9c9b6a1ce1b6856a14  2008.1/i586/libclamav-devel-0.94.2-1.1mdv2008.1.i586.rpm 
 4a85173474e49d304c0055cc4f9a50ee  2008.1/SRPMS/clamav-0.94.2-1.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 666d401ee9a3e5386c39dae18b706736  2008.1/x86_64/clamav-0.94.2-1.1mdv2008.1.x86_64.rpm
 f1e7e07f56c9ffa8671adc066ecd88d9  2008.1/x86_64/clamav-db-0.94.2-1.1mdv2008.1.x86_64.rpm
 68831cc7365c47c630df5edb1838206d  2008.1/x86_64/clamd-0.94.2-1.1mdv2008.1.x86_64.rpm
 23a274e8c5f558ae53a306bd00fee12e  2008.1/x86_64/lib64clamav5-0.94.2-1.1mdv2008.1.x86_64.rpm
 79196d7b4f6c0e7df71d2d6430be21ab  2008.1/x86_64/lib64clamav-devel-0.94.2-1.1mdv2008.1.x86_64.rpm 
 4a85173474e49d304c0055cc4f9a50ee  2008.1/SRPMS/clamav-0.94.2-1.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 e3bb00e5435ee0bc4e3ba34377cee784  2009.0/i586/clamav-0.94.2-1.1mdv2009.0.i586.rpm
 a2cd7d757a336f34058a55098dc600e8  2009.0/i586/clamav-db-0.94.2-1.1mdv2009.0.i586.rpm
 6904d7d8f7a35d2a65a4cfe40ef48bfa  2009.0/i586/clamd-0.94.2-1.1mdv2009.0.i586.rpm
 36c1e37a32f65cb96d24fd8b0db5f7e5  2009.0/i586/libclamav5-0.94.2-1.1mdv2009.0.i586.rpm
 f4f89d2acb7237ba6135ba54dccacaf9  2009.0/i586/libclamav-devel-0.94.2-1.1mdv2009.0.i586.rpm 
 d9954bb8eac45821b9f13e655fb7839e  2009.0/SRPMS/clamav-0.94.2-1.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 2355d0d75b0199682e71657db724e295  2009.0/x86_64/clamav-0.94.2-1.1mdv2009.0.x86_64.rpm
 3432b677b2a72802432cc96d92014f5b  2009.0/x86_64/clamav-db-0.94.2-1.1mdv2009.0.x86_64.rpm
 7bebc82ca05fecdc1768892dbd812c17  2009.0/x86_64/clamd-0.94.2-1.1mdv2009.0.x86_64.rpm
 ba9fdd676bb4ce545072a14e8e96f86c  2009.0/x86_64/lib64clamav5-0.94.2-1.1mdv2009.0.x86_64.rpm
 6e1c88a5a086126ea6df74fa0642e45f  2009.0/x86_64/lib64clamav-devel-0.94.2-1.1mdv2009.0.x86_64.rpm 
 d9954bb8eac45821b9f13e655fb7839e  2009.0/SRPMS/clamav-0.94.2-1.1mdv2009.0.src.rpm

 Corporate 3.0:
 0de774b0b919eaf9269bff1f9dbcc502  corporate/3.0/i586/clamav-0.94.2-0.1.C30mdk.i586.rpm
 79b305aa810908fa3e30b32a9ddc0a9a  corporate/3.0/i586/clamav-db-0.94.2-0.1.C30mdk.i586.rpm
 bcb7357561fb229201fa415dbbe1ba10  corporate/3.0/i586/clamd-0.94.2-0.1.C30mdk.i586.rpm
 a889cd1fa54443ed7f84b03a599b5dd7  corporate/3.0/i586/libclamav5-0.94.2-0.1.C30mdk.i586.rpm
 04895e0ca3f5f112562b3352bdd4e522  corporate/3.0/i586/libclamav-devel-0.94.2-0.1.C30mdk.i586.rpm 
 a307df060dcaa0c7d93c7cbd9f58e842  corporate/3.0/SRPMS/clamav-0.94.2-0.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 a56708d3e7bf8c6111a1f1b4b44d2571  corporate/3.0/x86_64/clamav-0.94.2-0.1.C30mdk.x86_64.rpm
 095bd1aa2b2295d555ca13c36f5778b4  corporate/3.0/x86_64/clamav-db-0.94.2-0.1.C30mdk.x86_64.rpm
 0c80591bfdccc63fe3818583b5fcb829  corporate/3.0/x86_64/clamd-0.94.2-0.1.C30mdk.x86_64.rpm
 1311da34900cd15ce38c14ff16b2c0dc  corporate/3.0/x86_64/lib64clamav5-0.94.2-0.1.C30mdk.x86_64.rpm
 fe66fd2f698a27b014b1c68e2bd019d8  corporate/3.0/x86_64/lib64clamav-devel-0.94.2-0.1.C30mdk.x86_64.rpm 
 a307df060dcaa0c7d93c7cbd9f58e842  corporate/3.0/SRPMS/clamav-0.94.2-0.1.C30mdk.src.rpm

 Corporate 4.0:
 392911d388217b1d55cf31a7bb2586ab  corporate/4.0/i586/clamav-0.94.2-0.1.20060mlcs4.i586.rpm
 77d8232d30d440220faf79d979fae533  corporate/4.0/i586/clamav-db-0.94.2-0.1.20060mlcs4.i586.rpm
 866326eaf820b549877f2c3126cdf2ba  corporate/4.0/i586/clamd-0.94.2-0.1.20060mlcs4.i586.rpm
 f2ba2c12b43ec1979424cddf8bb6c475  corporate/4.0/i586/libclamav5-0.94.2-0.1.20060mlcs4.i586.rpm
 6557632e03d2a4863326b49404dbdcd7  corporate/4.0/i586/libclamav-devel-0.94.2-0.1.20060mlcs4.i586.rpm 
 54d43f922df6e0ece09ec3c3ece7364a  corporate/4.0/SRPMS/clamav-0.94.2-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 72f5f30c460683914b27d257e2125688  corporate/4.0/x86_64/clamav-0.94.2-0.1.20060mlcs4.x86_64.rpm
 169f086d64243420757efd885c931a99  corporate/4.0/x86_64/clamav-db-0.94.2-0.1.20060mlcs4.x86_64.rpm
 cd2ac76205e5a866a0083a8aa741a052  corporate/4.0/x86_64/clamd-0.94.2-0.1.20060mlcs4.x86_64.rpm
 5b2ec74d5d3b07f0546d7e4c76072bb4  corporate/4.0/x86_64/lib64clamav5-0.94.2-0.1.20060mlcs4.x86_64.rpm
 c506b06df4cb84b77d626525d5c05025  corporate/4.0/x86_64/lib64clamav-devel-0.94.2-0.1.20060mlcs4.x86_64.rpm 
 54d43f922df6e0ece09ec3c3ece7364a  corporate/4.0/SRPMS/clamav-0.94.2-0.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team