Nom du paquet
clamav
Date
2009-04-24
Advisory ID
MDVSA-2009:097
Affected versions
2009.0 x86_64 , CS4.0 x86_64 , 2009.0 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2008.1 x86_64 , 2008.1 i586

Problem description

Multiple vulnerabilities has been found and corrected in clamav:

Unspecified vulnerability in ClamAV before 0.95 allows remote
attackers to bypass detection of malware via a modified RAR archive
(CVE-2009-1241).

libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause
a denial of service (crash) via a crafted EXE file that triggers a
divide-by-zero error (CVE-2008-6680).

libclamav/untar.c in ClamAV before 0.95 allows remote attackers to
cause a denial of service (infinite loop) via a crafted file that
causes (1) clamd and (2) clamscan to hang (CVE-2009-1270).

The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1
allows remote attackers to cause a denial of service (application
crash) via a malformed file with UPack encoding (CVE-2009-1371).

Stack-based buffer overflow in the cli_url_canon function in
libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers
to cause a denial of service (application crash) and possibly execute
arbitrary code via a crafted URL (CVE-2009-1372).

Important notice about this upgrade: clamav-0.95+ bundles support
for RAR v3 in libclamav which is a license violation as the RAR v3
license and the GPL license is not compatible. As a consequence to
this Mandriva has been forced to remove the RAR v3 code.

This update provides clamav 0.95.1, which is not vulnerable to
these issues.

Updated packages

2009.0 x86_64

 f5460c948001225a9d19f3724ed3b38d  2009.0/x86_64/clamav-0.95.1-2.1mdv2009.0.x86_64.rpm
 8d7797121ab856e3ece928b8b8055388  2009.0/x86_64/clamav-db-0.95.1-2.1mdv2009.0.x86_64.rpm
 938cf6cd118d87f8b557de20d234f822  2009.0/x86_64/clamav-milter-0.95.1-2.1mdv2009.0.x86_64.rpm
 641ca4e769bb8ed672a39ca4fc6012ab  2009.0/x86_64/clamd-0.95.1-2.1mdv2009.0.x86_64.rpm
 d9ceb8022fe109b1d78517fca55a0f5a  2009.0/x86_64/lib64clamav6-0.95.1-2.1mdv2009.0.x86_64.rpm
 d593fa36c147eb6e6aaacf8e53410e54  2009.0/x86_64/lib64clamav-devel-0.95.1-2.1mdv2009.0.x86_64.rpm 
 6e3d1e7f25b2c2c66fe5b6e6ad63e4fd  2009.0/SRPMS/clamav-0.95.1-2.1mdv2009.0.src.rpm

CS4.0 x86_64

 aa317fef6d868d99b2ce22c0334ea059  corporate/4.0/x86_64/clamav-0.95.1-1.1.20060mlcs4.x86_64.rpm
 17f64c31b8fc2a73db2680f9b8056c0d  corporate/4.0/x86_64/clamav-db-0.95.1-1.1.20060mlcs4.x86_64.rpm
 1cf5fe4bb11ce1940d4f95efb642e203  corporate/4.0/x86_64/clamav-milter-0.95.1-1.1.20060mlcs4.x86_64.rpm
 ab4106cf7bfa8b5407dfe0fb784e48d3  corporate/4.0/x86_64/clamd-0.95.1-1.1.20060mlcs4.x86_64.rpm
 600e3d90e14a4e5b37d6bae04fe0fbe3  corporate/4.0/x86_64/lib64clamav6-0.95.1-1.1.20060mlcs4.x86_64.rpm
 e494d19586e60e9a0d114d960301cdf3  corporate/4.0/x86_64/lib64clamav-devel-0.95.1-1.1.20060mlcs4.x86_64.rpm 
 92ceb46391b875526b3537f34703c51b  corporate/4.0/SRPMS/clamav-0.95.1-1.1.20060mlcs4.src.rpm

2009.0 i586

 d5f17009981b1f8e8acbb9fabb291a5e  2009.0/i586/clamav-0.95.1-2.1mdv2009.0.i586.rpm
 74d4e82cb85e9a0756448f3d47a7df54  2009.0/i586/clamav-db-0.95.1-2.1mdv2009.0.i586.rpm
 6e6a88618d26e6d2b933661a7199ed7c  2009.0/i586/clamav-milter-0.95.1-2.1mdv2009.0.i586.rpm
 6457fce7ff4ac1004bb73b1ce0fb465d  2009.0/i586/clamd-0.95.1-2.1mdv2009.0.i586.rpm
 e02d098cce4fb905ff0772fa03ebdc40  2009.0/i586/libclamav6-0.95.1-2.1mdv2009.0.i586.rpm
 66341a133ab8083a5e45a8374a98c9a7  2009.0/i586/libclamav-devel-0.95.1-2.1mdv2009.0.i586.rpm 
 6e3d1e7f25b2c2c66fe5b6e6ad63e4fd  2009.0/SRPMS/clamav-0.95.1-2.1mdv2009.0.src.rpm

CS3.0 x86_64

 61d86f3e8e8ded06a756a79443c89754  corporate/3.0/x86_64/clamav-0.95.1-1.1.C30mdk.x86_64.rpm
 9ade30f84acccb03e66fc41093d3fa34  corporate/3.0/x86_64/clamav-db-0.95.1-1.1.C30mdk.x86_64.rpm
 9915774317c81d7cafaa551649de18f6  corporate/3.0/x86_64/clamd-0.95.1-1.1.C30mdk.x86_64.rpm
 ca3929b1611b97147dbba539ba927072  corporate/3.0/x86_64/lib64clamav6-0.95.1-1.1.C30mdk.x86_64.rpm
 079134b649c3b867e8df0fe2abdaa9a8  corporate/3.0/x86_64/lib64clamav-devel-0.95.1-1.1.C30mdk.x86_64.rpm 
 5fe4ff2006ad37aa310cdc962448a949  corporate/3.0/SRPMS/clamav-0.95.1-1.1.C30mdk.src.rpm

CS4.0 i586

 8a3d40f2eb11de32d4f812719205588f  corporate/4.0/i586/clamav-0.95.1-1.1.20060mlcs4.i586.rpm
 f19380a3503527a5fb14687f1712a7f1  corporate/4.0/i586/clamav-db-0.95.1-1.1.20060mlcs4.i586.rpm
 211b72834f384601e22987a4942dc445  corporate/4.0/i586/clamav-milter-0.95.1-1.1.20060mlcs4.i586.rpm
 a1198afbb6c424b05d2cfc521ef84804  corporate/4.0/i586/clamd-0.95.1-1.1.20060mlcs4.i586.rpm
 04bb78c1b13402e8af8edb2fa3e4c84f  corporate/4.0/i586/libclamav6-0.95.1-1.1.20060mlcs4.i586.rpm
 5bc0075e65496951761da1f37a30b431  corporate/4.0/i586/libclamav-devel-0.95.1-1.1.20060mlcs4.i586.rpm 
 92ceb46391b875526b3537f34703c51b  corporate/4.0/SRPMS/clamav-0.95.1-1.1.20060mlcs4.src.rpm

CS3.0 i586

 b7b6503c5444421f1cd861d97a9c5386  corporate/3.0/i586/clamav-0.95.1-1.1.C30mdk.i586.rpm
 ba931d2fc084fe6c381a82f68d1dfa6e  corporate/3.0/i586/clamav-db-0.95.1-1.1.C30mdk.i586.rpm
 0dc532b543787ba3c314767af94122d2  corporate/3.0/i586/clamd-0.95.1-1.1.C30mdk.i586.rpm
 faf6229623ba8bb4107fe97499af7c54  corporate/3.0/i586/libclamav6-0.95.1-1.1.C30mdk.i586.rpm
 7a593851920975bfeedfd140721fc051  corporate/3.0/i586/libclamav-devel-0.95.1-1.1.C30mdk.i586.rpm 
 5fe4ff2006ad37aa310cdc962448a949  corporate/3.0/SRPMS/clamav-0.95.1-1.1.C30mdk.src.rpm

2008.1 x86_64

 fd7a2b0c2c41f75489506b403a8ba722  2008.1/x86_64/clamav-0.95.1-2.1mdv2008.1.x86_64.rpm
 1ee04e95195b48185dc31d1bb4a8f338  2008.1/x86_64/clamav-db-0.95.1-2.1mdv2008.1.x86_64.rpm
 6e051b306f9d632702385ec4cd48357c  2008.1/x86_64/clamav-milter-0.95.1-2.1mdv2008.1.x86_64.rpm
 8fd9e0314018de597119d17f150d93bf  2008.1/x86_64/clamd-0.95.1-2.1mdv2008.1.x86_64.rpm
 bfb0d0a6a21bfc98fa0d206c622cb2ad  2008.1/x86_64/lib64clamav6-0.95.1-2.1mdv2008.1.x86_64.rpm
 9cc53a243b850c16a07db35072ecb7f8  2008.1/x86_64/lib64clamav-devel-0.95.1-2.1mdv2008.1.x86_64.rpm 
 a4f6214533bb9ef273ff707e59254d28  2008.1/SRPMS/clamav-0.95.1-2.1mdv2008.1.src.rpm

2008.1 i586

 b25be221f0404db50a3d4a5a67c3ab1a  2008.1/i586/clamav-0.95.1-2.1mdv2008.1.i586.rpm
 1aa362d1e857f27989e41284611f4773  2008.1/i586/clamav-db-0.95.1-2.1mdv2008.1.i586.rpm
 a25b0a792d0f4a8a611d2cda7ffdb475  2008.1/i586/clamav-milter-0.95.1-2.1mdv2008.1.i586.rpm
 1ede494dfd7ceb6a3d27108e5a2b01ff  2008.1/i586/clamd-0.95.1-2.1mdv2008.1.i586.rpm
 7e98ebece7df4167ffbd7e1bee83fc9c  2008.1/i586/libclamav6-0.95.1-2.1mdv2008.1.i586.rpm
 235c1379ab830ebeb378b9aa3ae46ef4  2008.1/i586/libclamav-devel-0.95.1-2.1mdv2008.1.i586.rpm 
 a4f6214533bb9ef273ff707e59254d28  2008.1/SRPMS/clamav-0.95.1-2.1mdv2008.1.src.rpm

References