Nom du paquet
clamav
Date
2007-02-19
Advisory ID
MDKSA-2007:043
Affected versions
CS4.0 x86_64 , 2006.0 i586 , 2007.0 x86_64 , 2007.0 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2006.0 x86_64

Problem description

Clam AntiVirus ClamAV before 0.90 does not close open file descriptors
under certain conditions, which allows remote attackers to cause a
denial of service (file descriptor consumption and failed scans) via
CAB archives with a cabinet header record length of zero, which causes
a function to return without closing a file descriptor. (CVE-2007-0897)

Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV
before 0.90 allows remote attackers to overwrite arbitrary files via a
.. (dot dot) in the id MIME header parameter in a multi-part message.
(CVE-2007-0898)

The update to 0.90 addresses these issues.

Updated packages

CS4.0 x86_64

 76a2be1b4cf681342a3d5993f330e189  corporate/4.0/x86_64/clamav-0.90-0.1.20060mlcs4.x86_64.rpm
 5e17ee07795168e109e6956ef98348d3  corporate/4.0/x86_64/clamav-db-0.90-0.1.20060mlcs4.x86_64.rpm
 6d361ea87425a4b297e6245eee216a30  corporate/4.0/x86_64/clamav-milter-0.90-0.1.20060mlcs4.x86_64.rpm
 a0ee52c4f866b104bc89a337ae4a5fb4  corporate/4.0/x86_64/clamd-0.90-0.1.20060mlcs4.x86_64.rpm
 5f81def8296e37bc2a9a1aa818431362  corporate/4.0/x86_64/lib64clamav1-0.90-0.1.20060mlcs4.x86_64.rpm
 580883088be552b2c9eea7634e16622f  corporate/4.0/x86_64/lib64clamav1-devel-0.90-0.1.20060mlcs4.x86_64.rpm 
 772099a75eb5a6ee2949af173b9e1b51  corporate/4.0/SRPMS/clamav-0.90-0.1.20060mlcs4.src.rpm

2006.0 i586

 d478e8184aac28373be2bd287cbeae73  2006.0/i586/clamav-0.90-0.1.20060mdk.i586.rpm
 fd08410e04bfac99c4ebb3423f8a212f  2006.0/i586/clamav-db-0.90-0.1.20060mdk.i586.rpm
 26e74832cb99e2284f06debabea7a163  2006.0/i586/clamav-milter-0.90-0.1.20060mdk.i586.rpm
 49c12cdd69b9ff06f2c3f382ef9424f5  2006.0/i586/clamd-0.90-0.1.20060mdk.i586.rpm
 e8671b979de6801bf6a9f88f2f514aa3  2006.0/i586/libclamav1-0.90-0.1.20060mdk.i586.rpm
 484447c8ce4d5d0a38940df71ac181fc  2006.0/i586/libclamav1-devel-0.90-0.1.20060mdk.i586.rpm 
 73b2ff74a1eab49ecc30e8f4fb247bf2  2006.0/SRPMS/clamav-0.90-0.1.20060mdk.src.rpm

2007.0 x86_64

 833fa03ec7207b9908c0b3fca554dd49  2007.0/x86_64/clamav-0.90-1.1mdv2007.0.x86_64.rpm
 29909e2d73531f75750c02c025f91dcb  2007.0/x86_64/clamav-db-0.90-1.1mdv2007.0.x86_64.rpm
 2527cf8b432dc7b5ad6ba3fd427724bd  2007.0/x86_64/clamav-milter-0.90-1.1mdv2007.0.x86_64.rpm
 fc2b6a8a934e88d93debdd644f4eefef  2007.0/x86_64/clamd-0.90-1.1mdv2007.0.x86_64.rpm
 ee89752f5b5875e5ac5afd7ad4293b32  2007.0/x86_64/lib64clamav1-0.90-1.1mdv2007.0.x86_64.rpm
 81d17f067619437526190b953e0c5206  2007.0/x86_64/lib64clamav1-devel-0.90-1.1mdv2007.0.x86_64.rpm 
 e14099005151cb6cd06527348ea9f5f2  2007.0/SRPMS/clamav-0.90-1.1mdv2007.0.src.rpm

2007.0 i586

 05b57b655873d037cd93ecef3f439e4a  2007.0/i586/clamav-0.90-1.1mdv2007.0.i586.rpm
 4c894ca77de3bb764bf001df5fe456d0  2007.0/i586/clamav-db-0.90-1.1mdv2007.0.i586.rpm
 a79763ed46f52df012cda91ae15c24bc  2007.0/i586/clamav-milter-0.90-1.1mdv2007.0.i586.rpm
 ac617c55ee7fc187bb763b4f422b45f4  2007.0/i586/clamd-0.90-1.1mdv2007.0.i586.rpm
 1f560e10b9f5263a406b5682f8df20b3  2007.0/i586/libclamav1-0.90-1.1mdv2007.0.i586.rpm
 83492cb6e36b01f82c3772270af81d71  2007.0/i586/libclamav1-devel-0.90-1.1mdv2007.0.i586.rpm 
 e14099005151cb6cd06527348ea9f5f2  2007.0/SRPMS/clamav-0.90-1.1mdv2007.0.src.rpm

CS3.0 x86_64

 2800e661cd096538f393c8eed9cbe6e2  corporate/3.0/x86_64/clamav-0.90-0.1.C30mdk.x86_64.rpm
 dfe0fc52a7f9efc5fd2be2e525996414  corporate/3.0/x86_64/clamav-db-0.90-0.1.C30mdk.x86_64.rpm
 591678a80c4d873b9dbd3045f4b837cb  corporate/3.0/x86_64/clamav-milter-0.90-0.1.C30mdk.x86_64.rpm
 59e310e76b51ce87e9c3d2eba11b41f8  corporate/3.0/x86_64/clamd-0.90-0.1.C30mdk.x86_64.rpm
 954ba4e79a8e259583c236d1e8922559  corporate/3.0/x86_64/lib64clamav1-0.90-0.1.C30mdk.x86_64.rpm
 cc685b342368205402fd7e33dbb8ed0c  corporate/3.0/x86_64/lib64clamav1-devel-0.90-0.1.C30mdk.x86_64.rpm 
 b19bb5df0c8520ddfa501beac3b12381  corporate/3.0/SRPMS/clamav-0.90-0.1.C30mdk.src.rpm

CS4.0 i586

 e50bb43342dd1406dbf6066827e898fb  corporate/4.0/i586/clamav-0.90-0.1.20060mlcs4.i586.rpm
 b0c3b10edb2e890a713598f565a13555  corporate/4.0/i586/clamav-db-0.90-0.1.20060mlcs4.i586.rpm
 b54c220f936aac40dff2a784637884d9  corporate/4.0/i586/clamav-milter-0.90-0.1.20060mlcs4.i586.rpm
 e5c2f70f08edd228c352aa4349a43582  corporate/4.0/i586/clamd-0.90-0.1.20060mlcs4.i586.rpm
 1aa94968f937436a168d9b33c3046fcc  corporate/4.0/i586/libclamav1-0.90-0.1.20060mlcs4.i586.rpm
 5c9a6917fc3b83c7a96d24532df37351  corporate/4.0/i586/libclamav1-devel-0.90-0.1.20060mlcs4.i586.rpm 
 772099a75eb5a6ee2949af173b9e1b51  corporate/4.0/SRPMS/clamav-0.90-0.1.20060mlcs4.src.rpm

CS3.0 i586

 ad2dff0bec17856884d0ccecc18df652  corporate/3.0/i586/clamav-0.90-0.1.C30mdk.i586.rpm
 cb9cca92b34fb2e6e5709f4d9b3de0ad  corporate/3.0/i586/clamav-db-0.90-0.1.C30mdk.i586.rpm
 c8b968b8629b8d422c5aeef49da5fab2  corporate/3.0/i586/clamav-milter-0.90-0.1.C30mdk.i586.rpm
 a10a5abcea78a66e11b8e2e8dfb8fa04  corporate/3.0/i586/clamd-0.90-0.1.C30mdk.i586.rpm
 0b1cd6e53f293f2d143fa0e79fd4cc8b  corporate/3.0/i586/libclamav1-0.90-0.1.C30mdk.i586.rpm
 232b55ab3ffc888aca0d2a1915a8b106  corporate/3.0/i586/libclamav1-devel-0.90-0.1.C30mdk.i586.rpm 
 b19bb5df0c8520ddfa501beac3b12381  corporate/3.0/SRPMS/clamav-0.90-0.1.C30mdk.src.rpm

2006.0 x86_64

 d0358166c006dc52593c58a00335ede6  2006.0/x86_64/clamav-0.90-0.1.20060mdk.x86_64.rpm
 b7b96b59800f61f9772c8ff5d2c1e174  2006.0/x86_64/clamav-db-0.90-0.1.20060mdk.x86_64.rpm
 c0c59ceed196d27d9f6cf957197c82c5  2006.0/x86_64/clamav-milter-0.90-0.1.20060mdk.x86_64.rpm
 212ca37f1506c9283a7a47a94b05761c  2006.0/x86_64/clamd-0.90-0.1.20060mdk.x86_64.rpm
 0e807be53a70992133fffcace4ecaba9  2006.0/x86_64/lib64clamav1-0.90-0.1.20060mdk.x86_64.rpm
 ebd04ff90f10621837c1fcddb357293c  2006.0/x86_64/lib64clamav1-devel-0.90-0.1.20060mdk.x86_64.rpm 
 73b2ff74a1eab49ecc30e8f4fb247bf2  2006.0/SRPMS/clamav-0.90-0.1.20060mdk.src.rpm

References