MDVSA-2010:082-1

Package name

clamav

Date

2010-05-20

Advisory ID

MDVSA-2010:082-1

Affected versions

2009.0 x86_64 , 2009.0 i586

Problem description

Multiple vulnerabilities has been found and corrected in clamav:

ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file
formats, which allows remote attackers to bypass virus detection via
a crafted archive that is compatible with standard archive utilities
(CVE-2010-0098).

The qtm_decompress function in libclamav/mspack.c in ClamAV before
0.96 allows remote attackers to cause a denial of service (memory
corruption and application crash) via a crafted CAB archive that uses
the Quantum (aka .Q) compression format. NOTE: some of these details
are obtained from third party information (CVE-2010-1311).

This update provides clamav 0.96, which is not vulnerable to these
issues.

Update:

Packages for 2009.0 are provided due to the Extended Maintenance
Program.

Updated packages

2009.0 x86_64

 e2f407f26502f7ccd21968aa9b4f6a36  2009.0/x86_64/clamav-0.96-0.1mdv2009.0.x86_64.rpm
 37a81ac854348cb326a9d079654130ec  2009.0/x86_64/clamav-db-0.96-0.1mdv2009.0.x86_64.rpm
 9c6ed0a8019ea9c8b48dc2b73566a4e4  2009.0/x86_64/clamav-milter-0.96-0.1mdv2009.0.x86_64.rpm
 94e53fc62e5636965fb42a5964966b6c  2009.0/x86_64/clamd-0.96-0.1mdv2009.0.x86_64.rpm
 f3c9d760c623e2713ffb07b29d2d1474  2009.0/x86_64/lib64clamav6-0.96-0.1mdv2009.0.x86_64.rpm
 a30754b6315274b7ee8536312950ba2a  2009.0/x86_64/lib64clamav-devel-0.96-0.1mdv2009.0.x86_64.rpm 
 72dccb903ebd1b09db844f8e5a75a8a2  2009.0/SRPMS/clamav-0.96-0.1mdv2009.0.src.rpm

2009.0 i586

 a548c8f4cf47f691f9b5b997ad76487a  2009.0/i586/clamav-0.96-0.1mdv2009.0.i586.rpm
 8044c43d2496d16e13a80da34d604ea1  2009.0/i586/clamav-db-0.96-0.1mdv2009.0.i586.rpm
 36891e225982d0f5642bec992799a0ad  2009.0/i586/clamav-milter-0.96-0.1mdv2009.0.i586.rpm
 dfedaf40bc94b20628d61226eefd6854  2009.0/i586/clamd-0.96-0.1mdv2009.0.i586.rpm
 731d2fbfc45ff8caa4d439ca1940fa09  2009.0/i586/libclamav6-0.96-0.1mdv2009.0.i586.rpm
 0ed16a2464b523f584ff58894f364c09  2009.0/i586/libclamav-devel-0.96-0.1mdv2009.0.i586.rpm 
 72dccb903ebd1b09db844f8e5a75a8a2  2009.0/SRPMS/clamav-0.96-0.1mdv2009.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1311
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0098