Nom du paquet
clamav
Date
2012-06-18
Advisory ID
MDVSA-2012:094
Affected versions
MES5 i586 , MES5 x86_64

Problem description

This is a bugfix release that upgrades clamav to the latest version
(0.97.5) that resolves the following security issues:

The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass
malware detection via a TAR archive entry with a length field that
exceeds the total TAR file size. NOTE: this may later be SPLIT into
multiple CVEs if additional information is published showing that the
error occurred independently in different TAR parser implementations
(CVE-2012-1457).

The Microsoft CHM file parser in ClamAV 0.96.4 allows remote attackers
to bypass malware detection via a crafted reset interval in the LZXC
header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs
if additional information is published showing that the error occurred
independently in different CHM parser implementations (CVE-2012-1458).

The TAR file parser in ClamAV 0.96.4 allows remote attackers to
bypass malware detection via a TAR archive entry with a length field
corresponding to that entire entry, plus part of the header of the
next entry. NOTE: this may later be SPLIT into multiple CVEs if
additional information is published showing that the error occurred
independently in different TAR parser implementations (CVE-2012-1459).

Updated packages

MES5 i586

 d82d78601290e2f6073974170c81841a  mes5/i586/clamav-0.97.5-0.1mdvmes5.2.i586.rpm
 80f0475472c0217afd3727019bf27e53  mes5/i586/clamav-db-0.97.5-0.1mdvmes5.2.i586.rpm
 c13835eadea8d2af15b628fba3159e8b  mes5/i586/clamav-milter-0.97.5-0.1mdvmes5.2.i586.rpm
 d7c058fae32f1a081b1d4ca31157df0e  mes5/i586/clamd-0.97.5-0.1mdvmes5.2.i586.rpm
 5ad153709c7eb510c2be2e82bfa5ac52  mes5/i586/libclamav6-0.97.5-0.1mdvmes5.2.i586.rpm
 96e3d3f3e9bea802c4109c155c9d1465  mes5/i586/libclamav-devel-0.97.5-0.1mdvmes5.2.i586.rpm 
 203cde43731b63729d1f7f6497033184  mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm

MES5 x86_64

 b30f5aafd9aaff0a7743fb62f33ccbea  mes5/x86_64/clamav-0.97.5-0.1mdvmes5.2.x86_64.rpm
 1508801239427c0ac72734f52cb4451c  mes5/x86_64/clamav-db-0.97.5-0.1mdvmes5.2.x86_64.rpm
 92b4c5ca6db656801b5b6ae217c6e171  mes5/x86_64/clamav-milter-0.97.5-0.1mdvmes5.2.x86_64.rpm
 94fad12df2cc900309087bbda13c826a  mes5/x86_64/clamd-0.97.5-0.1mdvmes5.2.x86_64.rpm
 8ec166a457d0512479adaaf5f80d487f  mes5/x86_64/lib64clamav6-0.97.5-0.1mdvmes5.2.x86_64.rpm
 19bc2758175bcde28ebf7783d68a9b98  mes5/x86_64/lib64clamav-devel-0.97.5-0.1mdvmes5.2.x86_64.rpm 
 203cde43731b63729d1f7f6497033184  mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm

References