Advisories
Mandriva Advisories
|
 |
| Problem Description |
Damian Put discovered a boundary error in the UPX extraction module in
ClamAV which is used to unpack PE Windows executables. This could be
abused to cause a Denial of Service issue and potentially allow for
the execution of arbitrary code with the permissions of the user
running clamscan or clamd.
Updated packages have been patched to correct this issue.
| Updated Packages |
Corporate Server 3.0
8995669334c70e4abe03a130291ceee3 corporate/3.0/RPMS/clamav-0.88.4-0.1.C30mdk.i586.rpm b4d5bb40c553484ece891b5ccf6b9946 corporate/3.0/RPMS/clamav-db-0.88.4-0.1.C30mdk.i586.rpm beca95463cea696152f9b25f57fee24c corporate/3.0/RPMS/clamav-milter-0.88.4-0.1.C30mdk.i586.rpm 35dd7bff362ed54c8e052ba3182bff91 corporate/3.0/RPMS/clamd-0.88.4-0.1.C30mdk.i586.rpm 620db7610ccc4c7b05d0580634217e14 corporate/3.0/RPMS/libclamav1-0.88.4-0.1.C30mdk.i586.rpm 943964d75379bfbf9db16aa44a6965a4 corporate/3.0/RPMS/libclamav1-devel-0.88.4-0.1.C30mdk.i586.rpm 2ae9a4d818dce236123140f9edbaa742 corporate/3.0/SRPMS/clamav-0.88.4-0.1.C30mdk.src.rpm
Corporate Server 3.0/X86_64
873e244792ddb282ba7d5d3780644198 x86_64/corporate/3.0/RPMS/clamav-0.88.4-0.1.C30mdk.x86_64.rpm 45a538b5fc07847628b32f4346f4683e x86_64/corporate/3.0/RPMS/clamav-db-0.88.4-0.1.C30mdk.x86_64.rpm 5eef3b58eba440748a40d144adc9f36c x86_64/corporate/3.0/RPMS/clamav-milter-0.88.4-0.1.C30mdk.x86_64.rpm e2cb732e7b7a676a330784f2414d7700 x86_64/corporate/3.0/RPMS/clamd-0.88.4-0.1.C30mdk.x86_64.rpm 686e984920647ab725f6a79249673663 x86_64/corporate/3.0/RPMS/lib64clamav1-0.88.4-0.1.C30mdk.x86_64.rpm 78e63226b709d850781813c2e5ea9b08 x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.88.4-0.1.C30mdk.x86_64.rpm 2ae9a4d818dce236123140f9edbaa742 x86_64/corporate/3.0/SRPMS/clamav-0.88.4-0.1.C30mdk.src.rpm
Mandriva Linux 2006
7160be474b24613a61e0544bc51f7f86 2006.0/RPMS/clamav-0.88.4-0.1.20060mdk.i586.rpm 8eaf5d27daa93c18117d72991d04f6a2 2006.0/RPMS/clamav-db-0.88.4-0.1.20060mdk.i586.rpm 27781d61cf85dd88b8d83586d4831e1c 2006.0/RPMS/clamav-milter-0.88.4-0.1.20060mdk.i586.rpm ee41c72a28b45af3a8bc8a01b24680c1 2006.0/RPMS/clamd-0.88.4-0.1.20060mdk.i586.rpm 0a9fb0940a123a7347920c22a9453282 2006.0/RPMS/libclamav1-0.88.4-0.1.20060mdk.i586.rpm 89af9807ff0787621c51c0a6cf2545a0 2006.0/RPMS/libclamav1-devel-0.88.4-0.1.20060mdk.i586.rpm 034456a7e7e5c583403c69b06fb2b7c0 2006.0/SRPMS/clamav-0.88.4-0.1.20060mdk.src.rpm
Mandriva Linux 2006/X86_64
8fc81c2d735a98c48c84abc4654c947e x86_64/2006.0/RPMS/clamav-0.88.4-0.1.20060mdk.x86_64.rpm 0b306fe32d6e833e1ac45bd485fa2e93 x86_64/2006.0/RPMS/clamav-db-0.88.4-0.1.20060mdk.x86_64.rpm fba26b042f08e0edbea94f26e3b0093e x86_64/2006.0/RPMS/clamav-milter-0.88.4-0.1.20060mdk.x86_64.rpm 50fc585d63d14daceeec889d52f4e1e1 x86_64/2006.0/RPMS/clamd-0.88.4-0.1.20060mdk.x86_64.rpm cf9e501d41c3951c158647aeb28a018f x86_64/2006.0/RPMS/lib64clamav1-0.88.4-0.1.20060mdk.x86_64.rpm 9734f7d218bf446ac403584198d035bd x86_64/2006.0/RPMS/lib64clamav1-devel-0.88.4-0.1.20060mdk.x86_64.rpm 034456a7e7e5c583403c69b06fb2b7c0 x86_64/2006.0/SRPMS/clamav-0.88.4-0.1.20060mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4018
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.