MDVSA-2010:249

Nom du paquet

clamav

Date

2010-12-07

Advisory ID

MDVSA-2010:249

Affected versions

2009.0 x86_64 , MES5 i586 , 2009.0 i586 , CS4.0 i586 , CS4.0 x86_64 , MES5 x86_64

Problem description

Multiple vulnerabilities were discovered and corrected in clamav:

Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV
before 0.96.5 allow remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
PDF document (CVE-2010-4260, (CVE-2010-4479).

Off-by-one error in the icon_cb function in pe_icons.c in libclamav
in ClamAV before 0.96.5 allows remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unspecified vectors. NOTE: some of these details
are obtained from third party information (CVE-2010-4261).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated clamav packages have been upgraded to the 0.96.5 version
that is not vulnerable to these issues.

Updated packages

2009.0 x86_64

 2b84bb3db11ae2b7bfc6fe48a2e07ef7  2009.0/x86_64/clamav-0.96.5-0.1mdv2009.0.x86_64.rpm
 8cdd574ed24d552aef5e4d3772963fab  2009.0/x86_64/clamav-db-0.96.5-0.1mdv2009.0.x86_64.rpm
 802114d391b05e7c87ab19e2178ca324  2009.0/x86_64/clamav-milter-0.96.5-0.1mdv2009.0.x86_64.rpm
 04d1665b37a93391ca619930440065b7  2009.0/x86_64/clamd-0.96.5-0.1mdv2009.0.x86_64.rpm
 318b41bcab46e00e28bb627090a1ba0f  2009.0/x86_64/lib64clamav6-0.96.5-0.1mdv2009.0.x86_64.rpm
 7e768e6a84594437e2aa901e1e032c89  2009.0/x86_64/lib64clamav-devel-0.96.5-0.1mdv2009.0.x86_64.rpm 
 ecd257622ed55d4990e042c6dd381c42  2009.0/SRPMS/clamav-0.96.5-0.1mdv2009.0.src.rpm

MES5 i586

 7dbe85e2b4070fa055a58165dd5e2da1  mes5/i586/clamav-0.96.5-0.1mdvmes5.1.i586.rpm
 07c0b919ab8bb87e79d285f5afa7184a  mes5/i586/clamav-db-0.96.5-0.1mdvmes5.1.i586.rpm
 adb539f66833633598f4d421c203d265  mes5/i586/clamav-milter-0.96.5-0.1mdvmes5.1.i586.rpm
 f2170ba7bb9d2c23521b4b30dca179d8  mes5/i586/clamd-0.96.5-0.1mdvmes5.1.i586.rpm
 6f0bb2908d770bebe256c4f2a49c4ece  mes5/i586/libclamav6-0.96.5-0.1mdvmes5.1.i586.rpm
 ebc71b9b46a18ce96e17e8982437adca  mes5/i586/libclamav-devel-0.96.5-0.1mdvmes5.1.i586.rpm 
 98af84f0b4f58262ff09c04d21218b92  mes5/SRPMS/clamav-0.96.5-0.1mdvmes5.1.src.rpm

2009.0 i586

 9ead4a15ce0b94209cd072fdc0210d7c  2009.0/i586/clamav-0.96.5-0.1mdv2009.0.i586.rpm
 f07c8219761b696e26282fa852fbe4ad  2009.0/i586/clamav-db-0.96.5-0.1mdv2009.0.i586.rpm
 5f3592e1ef8bc479e8791fbf6ed1c5b1  2009.0/i586/clamav-milter-0.96.5-0.1mdv2009.0.i586.rpm
 f94e7fff4f175c49da1d74a09074cc05  2009.0/i586/clamd-0.96.5-0.1mdv2009.0.i586.rpm
 954bc02f355d263f29a12c450d4b057b  2009.0/i586/libclamav6-0.96.5-0.1mdv2009.0.i586.rpm
 82e3c8b870a847b62a889effcf0df5ee  2009.0/i586/libclamav-devel-0.96.5-0.1mdv2009.0.i586.rpm 
 ecd257622ed55d4990e042c6dd381c42  2009.0/SRPMS/clamav-0.96.5-0.1mdv2009.0.src.rpm

CS4.0 i586

 f5a8398d84556589b37c7d4b83719526  corporate/4.0/i586/clamav-0.96.5-0.1.20060mlcs4.i586.rpm
 2dff852878c15339603b8d90c90d02c9  corporate/4.0/i586/clamav-db-0.96.5-0.1.20060mlcs4.i586.rpm
 5223406ce119a25634e7a8b9883f5c1d  corporate/4.0/i586/clamav-milter-0.96.5-0.1.20060mlcs4.i586.rpm
 9a05c1072414eaa6be27d4cb49c67c38  corporate/4.0/i586/clamd-0.96.5-0.1.20060mlcs4.i586.rpm
 2b7b4887e66b5228d70174c7871e0557  corporate/4.0/i586/libclamav6-0.96.5-0.1.20060mlcs4.i586.rpm
 fe0f1b51afd4950f5ecd118f8d780990  corporate/4.0/i586/libclamav-devel-0.96.5-0.1.20060mlcs4.i586.rpm 
 ee9b7ce35ad83dfec3b7ee4b68b1bafc  corporate/4.0/SRPMS/clamav-0.96.5-0.1.20060mlcs4.src.rpm

CS4.0 x86_64

 00f581cf11a21be74865a9884a1f85e0  corporate/4.0/x86_64/clamav-0.96.5-0.1.20060mlcs4.x86_64.rpm
 416f4b1f73a168aeac08ee2ec1b86ee2  corporate/4.0/x86_64/clamav-db-0.96.5-0.1.20060mlcs4.x86_64.rpm
 6e1939794dbb2d24762323a524d8ef5a  corporate/4.0/x86_64/clamav-milter-0.96.5-0.1.20060mlcs4.x86_64.rpm
 df4a0f11d30599bd76978650d31bd50c  corporate/4.0/x86_64/clamd-0.96.5-0.1.20060mlcs4.x86_64.rpm
 e1f72491d2f168aec358f0c9779dded4  corporate/4.0/x86_64/lib64clamav6-0.96.5-0.1.20060mlcs4.x86_64.rpm
 db4feea7479714e0ed63df6ece12ffa2  corporate/4.0/x86_64/lib64clamav-devel-0.96.5-0.1.20060mlcs4.x86_64.rpm 
 ee9b7ce35ad83dfec3b7ee4b68b1bafc  corporate/4.0/SRPMS/clamav-0.96.5-0.1.20060mlcs4.src.rpm

MES5 x86_64

 ddeaeacc6e3f22013125eeb5559e894d  mes5/x86_64/clamav-0.96.5-0.1mdvmes5.1.x86_64.rpm
 256e12003889fdb0489024bccfd84710  mes5/x86_64/clamav-db-0.96.5-0.1mdvmes5.1.x86_64.rpm
 4b60cc0711c3a6d493088734cc161879  mes5/x86_64/clamav-milter-0.96.5-0.1mdvmes5.1.x86_64.rpm
 a41f5bdce028d9e97e1f9eeeb4416c86  mes5/x86_64/clamd-0.96.5-0.1mdvmes5.1.x86_64.rpm
 6555d6c1a3d61d39c901978732068116  mes5/x86_64/lib64clamav6-0.96.5-0.1mdvmes5.1.x86_64.rpm
 61205db186f2bcd90ab37f1ba151b465  mes5/x86_64/lib64clamav-devel-0.96.5-0.1mdvmes5.1.x86_64.rpm 
 98af84f0b4f58262ff09c04d21218b92  mes5/SRPMS/clamav-0.96.5-0.1mdvmes5.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4479
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4261
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4260