Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2009.0409 -- [Win][UNIX/Linux] ClamAV: Multiple Vulnerabilities 28 April 2009 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ClamAV Publisher: Mandriva Operating System: Mandriva Linux UNIX variants (UNIX, Linux, OSX) Windows Impact: Execute Arbitrary Code/Commands Denial of Service Reduced Security Access: Remote/Unauthenticated CVE Names: CVE-2009-1372 CVE-2009-1371 CVE-2009-1270 CVE-2009-1241 CVE-2008-6680 Ref: ESB-2009.0360 ESB-2009.0364 Original Bulletin: http://www.mandriva.com/en/security/advisories?name=MDVSA-2009:097 Comment: This advisory references vulnerabilities in products which run on platforms other than Mandriva. It is recommended that administrators running ClamAV check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:097 http://www.mandriva.com/security/ _______________________________________________________________________ Package : clamav Date : April 24, 2009 Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in clamav: Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive (CVE-2009-1241). libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error (CVE-2008-6680). libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted file that causes (1) clamd and (2) clamscan to hang (CVE-2009-1270). The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding (CVE-2009-1371). Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL (CVE-2009-1372). Important notice about this upgrade: clamav-0.95+ bundles support for RAR v3 in libclamav which is a license violation as the RAR v3 license and the GPL license is not compatible. As a consequence to this Mandriva has been forced to remove the RAR v3 code. This update provides clamav 0.95.1, which is not vulnerable to these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6680 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1241 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1270 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1371 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1372 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: b25be221f0404db50a3d4a5a67c3ab1a 2008.1/i586/clamav-0.95.1-2.1mdv2008.1.i586.rpm 1aa362d1e857f27989e41284611f4773 2008.1/i586/clamav-db-0.95.1-2.1mdv2008.1.i586.rpm a25b0a792d0f4a8a611d2cda7ffdb475 2008.1/i586/clamav-milter-0.95.1-2.1mdv2008.1.i586.rpm 1ede494dfd7ceb6a3d27108e5a2b01ff 2008.1/i586/clamd-0.95.1-2.1mdv2008.1.i586.rpm 7e98ebece7df4167ffbd7e1bee83fc9c 2008.1/i586/libclamav6-0.95.1-2.1mdv2008.1.i586.rpm 235c1379ab830ebeb378b9aa3ae46ef4 2008.1/i586/libclamav-devel-0.95.1-2.1mdv2008.1.i586.rpm a4f6214533bb9ef273ff707e59254d28 2008.1/SRPMS/clamav-0.95.1-2.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: fd7a2b0c2c41f75489506b403a8ba722 2008.1/x86_64/clamav-0.95.1-2.1mdv2008.1.x86_64.rpm 1ee04e95195b48185dc31d1bb4a8f338 2008.1/x86_64/clamav-db-0.95.1-2.1mdv2008.1.x86_64.rpm 6e051b306f9d632702385ec4cd48357c 2008.1/x86_64/clamav-milter-0.95.1-2.1mdv2008.1.x86_64.rpm 8fd9e0314018de597119d17f150d93bf 2008.1/x86_64/clamd-0.95.1-2.1mdv2008.1.x86_64.rpm bfb0d0a6a21bfc98fa0d206c622cb2ad 2008.1/x86_64/lib64clamav6-0.95.1-2.1mdv2008.1.x86_64.rpm 9cc53a243b850c16a07db35072ecb7f8 2008.1/x86_64/lib64clamav-devel-0.95.1-2.1mdv2008.1.x86_64.rpm a4f6214533bb9ef273ff707e59254d28 2008.1/SRPMS/clamav-0.95.1-2.1mdv2008.1.src.rpm Mandriva Linux 2009.0: d5f17009981b1f8e8acbb9fabb291a5e 2009.0/i586/clamav-0.95.1-2.1mdv2009.0.i586.rpm 74d4e82cb85e9a0756448f3d47a7df54 2009.0/i586/clamav-db-0.95.1-2.1mdv2009.0.i586.rpm 6e6a88618d26e6d2b933661a7199ed7c 2009.0/i586/clamav-milter-0.95.1-2.1mdv2009.0.i586.rpm 6457fce7ff4ac1004bb73b1ce0fb465d 2009.0/i586/clamd-0.95.1-2.1mdv2009.0.i586.rpm e02d098cce4fb905ff0772fa03ebdc40 2009.0/i586/libclamav6-0.95.1-2.1mdv2009.0.i586.rpm 66341a133ab8083a5e45a8374a98c9a7 2009.0/i586/libclamav-devel-0.95.1-2.1mdv2009.0.i586.rpm 6e3d1e7f25b2c2c66fe5b6e6ad63e4fd 2009.0/SRPMS/clamav-0.95.1-2.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: f5460c948001225a9d19f3724ed3b38d 2009.0/x86_64/clamav-0.95.1-2.1mdv2009.0.x86_64.rpm 8d7797121ab856e3ece928b8b8055388 2009.0/x86_64/clamav-db-0.95.1-2.1mdv2009.0.x86_64.rpm 938cf6cd118d87f8b557de20d234f822 2009.0/x86_64/clamav-milter-0.95.1-2.1mdv2009.0.x86_64.rpm 641ca4e769bb8ed672a39ca4fc6012ab 2009.0/x86_64/clamd-0.95.1-2.1mdv2009.0.x86_64.rpm d9ceb8022fe109b1d78517fca55a0f5a 2009.0/x86_64/lib64clamav6-0.95.1-2.1mdv2009.0.x86_64.rpm d593fa36c147eb6e6aaacf8e53410e54 2009.0/x86_64/lib64clamav-devel-0.95.1-2.1mdv2009.0.x86_64.rpm 6e3d1e7f25b2c2c66fe5b6e6ad63e4fd 2009.0/SRPMS/clamav-0.95.1-2.1mdv2009.0.src.rpm Corporate 3.0: b7b6503c5444421f1cd861d97a9c5386 corporate/3.0/i586/clamav-0.95.1-1.1.C30mdk.i586.rpm ba931d2fc084fe6c381a82f68d1dfa6e corporate/3.0/i586/clamav-db-0.95.1-1.1.C30mdk.i586.rpm 0dc532b543787ba3c314767af94122d2 corporate/3.0/i586/clamd-0.95.1-1.1.C30mdk.i586.rpm faf6229623ba8bb4107fe97499af7c54 corporate/3.0/i586/libclamav6-0.95.1-1.1.C30mdk.i586.rpm 7a593851920975bfeedfd140721fc051 corporate/3.0/i586/libclamav-devel-0.95.1-1.1.C30mdk.i586.rpm 5fe4ff2006ad37aa310cdc962448a949 corporate/3.0/SRPMS/clamav-0.95.1-1.1.C30mdk.src.rpm Corporate 3.0/X86_64: 61d86f3e8e8ded06a756a79443c89754 corporate/3.0/x86_64/clamav-0.95.1-1.1.C30mdk.x86_64.rpm 9ade30f84acccb03e66fc41093d3fa34 corporate/3.0/x86_64/clamav-db-0.95.1-1.1.C30mdk.x86_64.rpm 9915774317c81d7cafaa551649de18f6 corporate/3.0/x86_64/clamd-0.95.1-1.1.C30mdk.x86_64.rpm ca3929b1611b97147dbba539ba927072 corporate/3.0/x86_64/lib64clamav6-0.95.1-1.1.C30mdk.x86_64.rpm 079134b649c3b867e8df0fe2abdaa9a8 corporate/3.0/x86_64/lib64clamav-devel-0.95.1-1.1.C30mdk.x86_64.rpm 5fe4ff2006ad37aa310cdc962448a949 corporate/3.0/SRPMS/clamav-0.95.1-1.1.C30mdk.src.rpm Corporate 4.0: 8a3d40f2eb11de32d4f812719205588f corporate/4.0/i586/clamav-0.95.1-1.1.20060mlcs4.i586.rpm f19380a3503527a5fb14687f1712a7f1 corporate/4.0/i586/clamav-db-0.95.1-1.1.20060mlcs4.i586.rpm 211b72834f384601e22987a4942dc445 corporate/4.0/i586/clamav-milter-0.95.1-1.1.20060mlcs4.i586.rpm a1198afbb6c424b05d2cfc521ef84804 corporate/4.0/i586/clamd-0.95.1-1.1.20060mlcs4.i586.rpm 04bb78c1b13402e8af8edb2fa3e4c84f corporate/4.0/i586/libclamav6-0.95.1-1.1.20060mlcs4.i586.rpm 5bc0075e65496951761da1f37a30b431 corporate/4.0/i586/libclamav-devel-0.95.1-1.1.20060mlcs4.i586.rpm 92ceb46391b875526b3537f34703c51b corporate/4.0/SRPMS/clamav-0.95.1-1.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: aa317fef6d868d99b2ce22c0334ea059 corporate/4.0/x86_64/clamav-0.95.1-1.1.20060mlcs4.x86_64.rpm 17f64c31b8fc2a73db2680f9b8056c0d corporate/4.0/x86_64/clamav-db-0.95.1-1.1.20060mlcs4.x86_64.rpm 1cf5fe4bb11ce1940d4f95efb642e203 corporate/4.0/x86_64/clamav-milter-0.95.1-1.1.20060mlcs4.x86_64.rpm ab4106cf7bfa8b5407dfe0fb784e48d3 corporate/4.0/x86_64/clamd-0.95.1-1.1.20060mlcs4.x86_64.rpm 600e3d90e14a4e5b37d6bae04fe0fbe3 corporate/4.0/x86_64/lib64clamav6-0.95.1-1.1.20060mlcs4.x86_64.rpm e494d19586e60e9a0d114d960301cdf3 corporate/4.0/x86_64/lib64clamav-devel-0.95.1-1.1.20060mlcs4.x86_64.rpm 92ceb46391b875526b3537f34703c51b corporate/4.0/SRPMS/clamav-0.95.1-1.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJ8hZomqjQ0CJFipgRAh5nAKDFL4629xP6V37fANiHCmIO62HNowCgsP9T sh+l4euCUhExmgO4scmkFYE= =vUEQ - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iD8DBQFJ9mR5NVH5XJJInbgRArA1AJ9dgz1uxevTAFHL0De58V05c/dbkQCfWehA zLKBMiIipVndkqZwxaM9/gQ= =9rWR -----END PGP SIGNATURE-----