---

Advisories, April 10, 2006

Debian GNU/Linux


Debian Security Advisory DSA 946-2 security@debian.org
http://www.debian.org/security/
Martin Schulze
April 8th, 2006 http://www.debian.org/security/faq


Package : sudo
Vulnerability : missing input sanitising
Problem type : local
Debian-specific: no
CVE IDs : CVE-2005-4158 CVE-2006-0151
Debian Bug : 342948

The former correction to vulnerabilities in the sudo package
worked fine but was too strict for some environments. Therefore we
have reviewed the changes again and allowed some environment
variables to go back into the privileged execution environment.
Hence, this update.

The configuration option “env_reset” is now activated by
default. It will preserve only the environment variables HOME,
LOGNAME, PATH, SHELL, TERM, DISPLAY, XAUTHORITY, XAUTHORIZATION,
LANG, LANGUAGE, LC_*, and USER in addition to the separate SUDO_*
variables.

For completeness please find below the original advisory
text:

It has been discovered that sudo, a privileged program that
provides limited super user privileges to specific users, passes
several environment variables to the program that runs with
elevated privileges. In the case of include paths (e.g. for Perl,
Python, Ruby or other scripting languages) this can cause arbitrary
code to be executed as a privileged user if the attacker points to a
manipulated version of a system library.

This update alters the former behaviour of sudo and limits the
number of supported environment variables to LC_*, LANG, LANGUAGE
and TERM. Additional variables are only passed through when set as
env_check in /etc/sudoers, which might be required for some scripts
to continue to work.
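
The two variable lists named in this advisory, modelled as an added example (not sudo's code and not part of the advisory text). The function names, the policy labels "original" and "update", and the constructed sample environment are assumptions made here, with PERL5LIB, PYTHONPATH and RUBYLIB standing in for the include-path variables the text describes; SUDO_* variables and env_check entries in /etc/sudoers are not modelled.

```shell
#!/bin/sh
# Added illustration: which caller-supplied variables survive under the two
# whitelists described in the advisory. This does not read /etc/sudoers.

# kept_by_policy POLICY NAME -> returns 0 if NAME is passed through, 1 if dropped.
kept_by_policy() {
    case "$1" in
        original)   # original advisory: LC_*, LANG, LANGUAGE and TERM only
            case "$2" in
                LC_*|LANG|LANGUAGE|TERM) return 0 ;;
            esac ;;
        update)     # this update: the env_reset default list
            case "$2" in
                HOME|LOGNAME|PATH|SHELL|TERM|DISPLAY) return 0 ;;
                XAUTHORITY|XAUTHORIZATION|USER) return 0 ;;
                LANG|LANGUAGE|LC_*) return 0 ;;
            esac ;;
    esac
    return 1        # unknown policy or name not on the list: drop it
}

# dropped_names POLICY: reads NAME=value lines on stdin and prints, on one
# line, the names that would NOT reach the privileged program.
dropped_names() {
    policy=$1
    out=
    while IFS= read -r line; do
        name=${line%%=*}
        [ -n "$name" ] || continue
        if ! kept_by_policy "$policy" "$name"; then
            out="${out}${out:+ }${name}"
        fi
    done
    printf '%s\n' "$out"
}

# Constructed sample of a caller's environment (values are made up).
sample_env() {
    cat <<'EOF'
HOME=/home/alice
PATH=/usr/bin:/bin
TERM=xterm
LC_ALL=C
DISPLAY=:0
PERL5LIB=/tmp/lib
PYTHONPATH=/tmp/lib
RUBYLIB=/tmp/lib
EOF
}

echo "dropped under original policy: $(sample_env | dropped_names original)"
echo "dropped under updated policy:  $(sample_env | dropped_names update)"
```

The include-path variables are removed under both lists; the update only restores variables such as HOME, PATH and DISPLAY that the stricter list had dropped.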

For the old stable distribution (woody) this problem has been
fixed in version 1.6.6-1.6.

For the stable distribution (sarge) this problem has been fixed
in version 1.6.8p7-1.4.

For the unstable distribution (sid) the same behaviour will be
implemented soon.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 1028-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
March 7th, 2006 http://www.debian.org/security/faq


Package : libimager-perl
Vulnerability : programming error
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2006-0053
Debian Bug : 359661

Kjetil Kjernsmo discovered a bug in libimager-perl, a Perl
extension for generating 24 bit images, which can lead to a
segmentation fault if it operates on 4-channel JPEG images.

The old stable distribution (woody) does not contain this
package.

For the stable distribution (sarge) this problem has been fixed
in version perl_0.44-1sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 5.0-1.

We recommend that you upgrade your libimager-perl package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 1029-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
April 8th, 2006 http://www.debian.org/security/faq


Package : libphp-adodb
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-0146 CVE-2006-0147 CVE-2006-0410 CVE-2006-0806
BugTraq IDs : 16187 16364 16720
Debian Bugs : 349985 358872

Several vulnerabilities have been discovered in libphp-adodb,
the ‘adodb’ database abstraction layer for PHP. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2006-0146

Andreas Sandblad discovered that improper user input
sanitisation results in a potential remote SQL injection
vulnerability enabling an attacker to compromise applications,
access or modify data, or exploit vulnerabilities in the underlying
database implementation. This requires the MySQL root password to
be empty. It is fixed by limiting access to the script in
question.

CVE-2006-0147

A dynamic code evaluation vulnerability allows remote attackers
to execute arbitrary PHP functions via the ‘do’ parameter.

CVE-2006-0410

Andy Staudacher discovered an SQL injection vulnerability due to
insufficient input sanitising that allows remote attackers to
execute arbitrary SQL commands.

CVE-2006-0806

GulfTech Security Research discovered multiple cross-site
scripting vulnerabilities due to improper user-supplied input
sanitisation. Attackers can exploit these vulnerabilities to cause
arbitrary scripts to be executed in the browser of an unsuspecting
user’s machine, or result in the theft of cookie-based
authentication credentials.

For the old stable distribution (woody) these problems have been
fixed in version 1.51-1.2.

For the stable distribution (sarge) these problems have been
fixed in version 4.52-1sarge1.

For the unstable distribution (sid) these problems have been
fixed in version 4.72-0.1.

We recommend that you upgrade your libphp-adodb package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 1030-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
April 8th, 2006 http://www.debian.org/security/faq


Package : moodle
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-0146 CVE-2006-0147 CVE-2006-0410
CVE-2006-0806
BugTraq IDs : 16187 16364 16720
Debian Bugs : 349985 358872

Several vulnerabilities have been discovered in libphp-adodb,
the ‘adodb’ database abstraction layer for PHP, which is embedded
in moodle, a course management system for online learning. The
Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2006-0146

Andreas Sandblad discovered that improper user input
sanitisation results in a potential remote SQL injection
vulnerability enabling an attacker to compromise applications,
access or modify data, or exploit vulnerabilities in the underlying
database implementation. This requires the MySQL root password to
be empty. It is fixed by limiting access to the script in
question.

CVE-2006-0147

A dynamic code evaluation vulnerability allows remote attackers
to execute arbitrary PHP functions via the ‘do’ parameter.

CVE-2006-0410

Andy Staudacher discovered an SQL injection vulnerability due to
insufficient input sanitising that allows remote attackers to
execute arbitrary SQL commands.

CVE-2006-0806

GulfTech Security Research discovered multiple cross-site
scripting vulnerabilities due to improper user-supplied input
sanitisation. Attackers can exploit these vulnerabilities to cause
arbitrary scripts to be executed in the browser of an unsuspecting
user’s machine, or result in the theft of cookie-based
authentication credentials.

The old stable distribution (woody) does not contain moodle
packages.

For the stable distribution (sarge) these problems have been
fixed in version 1.4.4.dfsg.1-3sarge1.

For the unstable distribution these problems will be fixed
soon.

We recommend that you upgrade your moodle package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 1031-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
April 8th, 2006 http://www.debian.org/security/faq


Package : cacti
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-0146 CVE-2006-0147 CVE-2006-0410
CVE-2006-0806
BugTraq IDs : 16187 16364 16720
Debian Bugs : 349985 358872

Several vulnerabilities have been discovered in libphp-adodb,
the ‘adodb’ database abstraction layer for PHP, which is embedded
in cacti, a frontend to rrdtool for monitoring systems and
services. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2006-0146

Andreas Sandblad discovered that improper user input
sanitisation results in a potential remote SQL injection
vulnerability enabling an attacker to compromise applications,
access or modify data, or exploit vulnerabilities in the underlying
database implementation. This requires the MySQL root password to
be empty. It is fixed by limiting access to the script in
question.

CVE-2006-0147

A dynamic code evaluation vulnerability allows remote attackers
to execute arbitrary PHP functions via the ‘do’ parameter.

CVE-2006-0410

Andy Staudacher discovered an SQL injection vulnerability due to
insufficient input sanitising that allows remote attackers to
execute arbitrary SQL commands.

CVE-2006-0806

GulfTech Security Research discovered multiple cross-site
scripting vulnerabilities due to improper user-supplied input
sanitisation. Attackers can exploit these vulnerabilities to cause
arbitrary scripts to be executed in the browser of an unsuspecting
user’s machine, or result in the theft of cookie-based
authentication credentials.

The old stable distribution (woody) is not affected by these
problems.

For the stable distribution (sarge) these problems have been
fixed in version 0.8.6c-7sarge3.

For the unstable distribution these problems will be fixed
soon.

We recommend that you upgrade your cacti package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200604-06


http://security.gentoo.org/


Severity: High
Title: ClamAV: Multiple vulnerabilities
Date: April 07, 2006
Bugs: #128963
ID: 200604-06


Synopsis

ClamAV contains multiple vulnerabilities that could lead to
remote execution of arbitrary code or cause an application
crash.

Background

ClamAV is a GPL virus scanner.

Affected packages


     Package               /  Vulnerable  /                 Unaffected

  1  app-antivirus/clamav      < 0.88.1                      >= 0.88.1

Description

ClamAV contains format string vulnerabilities in the logging
code (CVE-2006-1615). Furthermore Damian Put discovered an integer
overflow in ClamAV’s PE header parser (CVE-2006-1614) and David
Luyer discovered that ClamAV can be tricked into performing an
invalid memory access (CVE-2006-1630).

Impact

By sending a malicious attachment to a mail server running
ClamAV, a remote attacker could cause a Denial of Service or the
execution of arbitrary code. Note that the overflow in the PE
header parser is only exploitable when the ArchiveMaxFileSize
option is disabled.

Workaround

There is no known workaround at this time.

Resolution

All ClamAV users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.1"

References

[ 1 ] CVE-2006-1614

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1614

[ 2 ] CVE-2006-1615

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1615

[ 3 ] CVE-2006-1630

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1630

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200604-06.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:067
http://www.mandriva.com/security/


Package : clamav
Date : April 7, 2006
Affected: 10.2, 2006.0, Corporate 3.0


Problem Description:

Damian Put discovered an integer overflow in the PE header
parser in ClamAV that could be exploited if the ArchiveMaxFileSize
option was disabled (CVE-2006-1614).

Format strings in the logging code could possibly lead to the
execution of arbitrary code (CVE-2006-1615).

David Luyer found that ClamAV could be tricked into an invalid
memory access in the cli_bitset_set() function, which could lead to
a Denial of Service (CVE-2006-1630).

This update provides ClamAV 0.88.1 which corrects this issue and
also fixes some other bugs.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1614

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1615

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1630


Updated Packages:



To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:068
http://www.mandriva.com/security/


Package : mplayer
Date : April 7, 2006
Affected: 2006.0, Corporate 3.0


Problem Description:

Multiple integer overflows in MPlayer 1.0pre7try2 allow remote
attackers to cause a denial of service and trigger heap-based
buffer overflows via (1) a certain ASF file handled by asfheader.c
that causes the asf_descrambling function to be passed a negative
integer after the conversion from a char to an int or (2) an AVI
file with a crafted wLongsPerEntry or nEntriesInUse value in the
indx chunk, which is handled in aviheader.c.

The updated packages have been patched to prevent this
problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1502


Updated Packages:



To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
