MDKSA-2005:205

Package name

clamav

Date

2005-11-07

Advisory ID

MDKSA-2005:205

Affected versions

2006.0 i586 , 10.2 i586 , 10.1 i586 , CS3.0 x86_64 , CS3.0 i586 , 10.2 x86_64 , 2006.0 x86_64 , 10.1 x86_64

Problem description

A number of vulnerabilities were discovered in ClamAV versions prior
to 0.87.1:

The OLE2 unpacker in clamd allows remote attackers to cause a DoS
(segfault) via a DOC file with an invalid property tree (CVE-2005-3239)

The FSG unpacker allows remote attackers to cause "memory corruption"
and execute arbitrary code via a crafted FSG 1.33 file (CVE-2005-3303)

The tnef_attachment() function allows remote attackers to cause a DoS
(infinite loop and memory exhaustion) via a crafted value in a CAB file
that causes ClamAV to repeatedly scan the same block (CVE-2005-3500)

Remote attackers could cause a DoS (infinite loop) via a crafted CAB
file (CVE-2005-3501)

An improper bounds check in petite.c could allow attackers to perform
unknown attacks via unknown vectors (CVE-2005-3587)

This update provides ClamAV 0.87.1 which corrects all of these issues.

Updated packages

2006.0 i586

 64044555942d783f59191af6bb051fe6  2006.0/RPMS/clamav-0.87.1-0.1.20060mdk.i586.rpm
 3b090dc5a8a700c8dd58478201041384  2006.0/RPMS/clamav-db-0.87.1-0.1.20060mdk.i586.rpm
 cffbc77a4bd7fec42d4807863d7b74f0  2006.0/RPMS/clamav-milter-0.87.1-0.1.20060mdk.i586.rpm
 74bfb1f658a39d3989e14879467f3f22  2006.0/RPMS/clamd-0.87.1-0.1.20060mdk.i586.rpm
 9ee1b202bc72d72d2ec743a96bb6cffa  2006.0/RPMS/libclamav1-0.87.1-0.1.20060mdk.i586.rpm
 3c292c33d6386278dec59b4ea79a595b  2006.0/RPMS/libclamav1-devel-0.87.1-0.1.20060mdk.i586.rpm
 6df60c1704c68f55c4340ef390031a45  2006.0/SRPMS/clamav-0.87.1-0.1.20060mdk.src.rpm

10.2 i586

 3da7284615847be748e0ee755ab56963  10.2/RPMS/clamav-0.87.1-0.1.102mdk.i586.rpm
 cbe42a738a4008a559c56e51b9a6fe47  10.2/RPMS/clamav-db-0.87.1-0.1.102mdk.i586.rpm
 1778a62fe729d77234ef1c1bde7f3cd0  10.2/RPMS/clamav-milter-0.87.1-0.1.102mdk.i586.rpm
 ae2d916c80f50f5386bd70e06c0b2fd2  10.2/RPMS/clamd-0.87.1-0.1.102mdk.i586.rpm
 d08c87436e20faf977f1ad059bc233b4  10.2/RPMS/libclamav1-0.87.1-0.1.102mdk.i586.rpm
 74ee8b845b1c7a41ccdbf1c1e04591a5  10.2/RPMS/libclamav1-devel-0.87.1-0.1.102mdk.i586.rpm
 dd72cdbb564bf27c8f745b198cdbc99f  10.2/SRPMS/clamav-0.87.1-0.1.102mdk.src.rpm

10.1 i586

 2c8a8799bda10e6695bc2ee6d1f76936  10.1/RPMS/clamav-0.87.1-0.1.101mdk.i586.rpm
 6e31a793ae79cb40064c52fe64c11155  10.1/RPMS/clamav-db-0.87.1-0.1.101mdk.i586.rpm
 e58b5816114176f8c4ff7984e5a8295e  10.1/RPMS/clamav-milter-0.87.1-0.1.101mdk.i586.rpm
 d1604de5950ed1060c327cea79060546  10.1/RPMS/clamd-0.87.1-0.1.101mdk.i586.rpm
 ca64314db8e86e57ba76c1c569058122  10.1/RPMS/libclamav1-0.87.1-0.1.101mdk.i586.rpm
 c99ffb5b095e8e83acd218b679435c03  10.1/RPMS/libclamav1-devel-0.87.1-0.1.101mdk.i586.rpm
 ecddf8805cbae3e8f52719d97af50290  10.1/SRPMS/clamav-0.87.1-0.1.101mdk.src.rpm

CS3.0 x86_64

 5d6e4bf645c047e7336b2a6d9bbf400a  x86_64/corporate/3.0/RPMS/clamav-0.87.1-0.1.C30mdk.x86_64.rpm
 48c8a2961fa704d6953ea5889f105921  x86_64/corporate/3.0/RPMS/clamav-db-0.87.1-0.1.C30mdk.x86_64.rpm
 da4c207e3c56196d847570bb29e1832b  x86_64/corporate/3.0/RPMS/clamav-milter-0.87.1-0.1.C30mdk.x86_64.rpm
 b75e29b3640c7751dd33deb67738d111  x86_64/corporate/3.0/RPMS/clamd-0.87.1-0.1.C30mdk.x86_64.rpm
 a792a67e4ee111a62bfbadc509c3a9e4  x86_64/corporate/3.0/RPMS/lib64clamav1-0.87.1-0.1.C30mdk.x86_64.rpm
 8d332c974aa7c208de3c1eb506f57f46  x86_64/corporate/3.0/RPMS/lib64clamav1-devel-0.87.1-0.1.C30mdk.x86_64.rpm
 0645c9be8c4e7d4b1ec8afea8f19d394  x86_64/corporate/3.0/SRPMS/clamav-0.87.1-0.1.C30mdk.src.rpm

CS3.0 i586

 050c7d954ed3989ad4147a88249badeb  corporate/3.0/RPMS/clamav-0.87.1-0.1.C30mdk.i586.rpm
 a0d523b33847321b3d4e2bcb4871b1c7  corporate/3.0/RPMS/clamav-db-0.87.1-0.1.C30mdk.i586.rpm
 8aaa9765087b36666aa3278f5a46d78e  corporate/3.0/RPMS/clamav-milter-0.87.1-0.1.C30mdk.i586.rpm
 58c653b2328ee65d7cdf1965db708e07  corporate/3.0/RPMS/clamd-0.87.1-0.1.C30mdk.i586.rpm
 ab6e8b876b55c02e6eba1c81b64992d8  corporate/3.0/RPMS/libclamav1-0.87.1-0.1.C30mdk.i586.rpm
 096b42b70415f52cbce650b0a89760aa  corporate/3.0/RPMS/libclamav1-devel-0.87.1-0.1.C30mdk.i586.rpm
 0645c9be8c4e7d4b1ec8afea8f19d394  corporate/3.0/SRPMS/clamav-0.87.1-0.1.C30mdk.src.rpm

10.2 x86_64

 10de2a9bf399f3a1c93732a9ef664664  x86_64/10.2/RPMS/clamav-0.87.1-0.1.102mdk.x86_64.rpm
 0c87818d634084a023584d1c7146093f  x86_64/10.2/RPMS/clamav-db-0.87.1-0.1.102mdk.x86_64.rpm
 9ed0aaf9bf139c11a6641b073c35aecd  x86_64/10.2/RPMS/clamav-milter-0.87.1-0.1.102mdk.x86_64.rpm
 3c2d858b3fb039c735cb0cc0cb109e92  x86_64/10.2/RPMS/clamd-0.87.1-0.1.102mdk.x86_64.rpm
 6b9d20e975ed97fc68f812189bfb86e8  x86_64/10.2/RPMS/lib64clamav1-0.87.1-0.1.102mdk.x86_64.rpm
 4515067e6c33151d6555ed217914e696  x86_64/10.2/RPMS/lib64clamav1-devel-0.87.1-0.1.102mdk.x86_64.rpm
 dd72cdbb564bf27c8f745b198cdbc99f  x86_64/10.2/SRPMS/clamav-0.87.1-0.1.102mdk.src.rpm

2006.0 x86_64

 180c192924ea9682c6b9038b374b6b03  x86_64/2006.0/RPMS/clamav-0.87.1-0.1.20060mdk.x86_64.rpm
 0c9f263914cda45b4ca018f11f955707  x86_64/2006.0/RPMS/clamav-db-0.87.1-0.1.20060mdk.x86_64.rpm
 1df55cff65a82a0cf8f2aae8382f0887  x86_64/2006.0/RPMS/clamav-milter-0.87.1-0.1.20060mdk.x86_64.rpm
 17355b44d623045954ef63674a1fc0c4  x86_64/2006.0/RPMS/clamd-0.87.1-0.1.20060mdk.x86_64.rpm
 e8540c821cf357e1fe11658479a6f987  x86_64/2006.0/RPMS/lib64clamav1-0.87.1-0.1.20060mdk.x86_64.rpm
 af0724e8ae0a0fe5da725a5ea715a590  x86_64/2006.0/RPMS/lib64clamav1-devel-0.87.1-0.1.20060mdk.x86_64.rpm
 6df60c1704c68f55c4340ef390031a45  x86_64/2006.0/SRPMS/clamav-0.87.1-0.1.20060mdk.src.rpm

10.1 x86_64

 f8df2fa1ec1538d3c691462ece32459e  x86_64/10.1/RPMS/clamav-0.87.1-0.1.101mdk.x86_64.rpm
 c8d3c45be5696671b4e968d923048250  x86_64/10.1/RPMS/clamav-db-0.87.1-0.1.101mdk.x86_64.rpm
 5a1d8f5bf844b9d17fc6daeac3d9980f  x86_64/10.1/RPMS/clamav-milter-0.87.1-0.1.101mdk.x86_64.rpm
 f29cf94d9bf5aed77fed89b62c3a31bd  x86_64/10.1/RPMS/clamd-0.87.1-0.1.101mdk.x86_64.rpm
 af1d5f8be95f46fee78d441a9a9ef1d5  x86_64/10.1/RPMS/lib64clamav1-0.87.1-0.1.101mdk.x86_64.rpm
 f6dd47c525bfda31472aeeb130b44b04  x86_64/10.1/RPMS/lib64clamav1-devel-0.87.1-0.1.101mdk.x86_64.rpm
 ecddf8805cbae3e8f52719d97af50290  x86_64/10.1/SRPMS/clamav-0.87.1-0.1.101mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3501
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3500
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3303
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3239
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3587