CPNI - Centre for the Protection of National Infrastructure

July 2007

3280 - Mandriva Security Advisories

ID: 3280
Date: 27 July 2007 11:23

Title: 3280 - Mandriva Security Advisories
Abstract: Details of several Mandriva security advisories
Vendors affected: Mandriva
Applications affected: ImageMagick, tcpdump, bind, clamav, autofs
Warning Status: Imminent
Type of fix: Patch
Source: Mandriva
Reliability of source: Trusted
Source URL: http://www.mandriva.com/security/advisories


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:147
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : ImageMagick
 Date    : July 20, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of vulnerabilities were discovered in how ImageMagick handles DCM and XWD image files. If a user were tricked into processing a specially crafted image file with an application that uses ImageMagick, an attacker could cause a heap-based buffer overflow and possibly execute arbitrary code with the user's privileges.
 
 The updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1797
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGoSrZmqjQ0CJFipgRAtMxAJ9M8C7e4HWz1dumgv8FLsGKJVKCmwCg39ku
W9krF68ToP8F3PwDJxnUjas=
=SyYs
-----END PGP SIGNATURE-----
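
Each "Updated Packages" entry in these advisories pairs an MD5 digest with a package path. The following is an added example (not part of the Mandriva advisory or the CPNI page) of checking downloaded files against such a list by hand; the file names, release name and digests in demo() are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# One manifest entry: 32 hex digits, whitespace, then a relative .rpm path.
ENTRY = re.compile(r"^\s*([0-9a-fA-F]{32})\s+(\S+\.rpm)\s*$")


def parse_manifest(advisory_text):
    """Map package file name -> set of MD5 digests listed for it."""
    listed = {}
    for line in advisory_text.splitlines():
        m = ENTRY.match(line)
        if m:
            name = m.group(2).rsplit("/", 1)[-1]
            listed.setdefault(name, set()).add(m.group(1).lower())
    return listed


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large packages are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_downloads(advisory_text, directory):
    """Return {file name: 'ok' | 'mismatch' | 'not listed'} for each .rpm."""
    # The digests are only as trustworthy as the advisory text: verify the
    # advisory's PGP signature first. MD5 is not collision-resistant, so the
    # signature on each package remains the stronger check.
    listed = parse_manifest(advisory_text)
    results = {}
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".rpm"):
            continue
        if name not in listed:
            results[name] = "not listed"
        elif md5_of(os.path.join(directory, name)) in listed[name]:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


def demo():
    """Verify constructed files against a constructed manifest."""
    good = b"constructed package body"
    altered = b"constructed package body, altered"
    digest = hashlib.md5(good).hexdigest()
    # Constructed manifest in the same "digest  path" layout.
    manifest = (
        " Example Release 1.0:\n"
        " %s  1.0/i586/example-1.0-1.i586.rpm\n"
        " %s  1.0/i586/example-doc-1.0-1.i586.rpm\n" % (digest, digest)
    )
    with tempfile.TemporaryDirectory() as d:
        for name, body in (
            ("example-1.0-1.i586.rpm", good),        # matches its entry
            ("example-doc-1.0-1.i586.rpm", altered),  # content differs
            ("stray-0.1-1.i586.rpm", good),           # not in the manifest
        ):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        return verify_downloads(manifest, d)


if __name__ == "__main__":
    for name, status in demo().items():
        print(status, name)
```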

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:148
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : tcpdump
 Date    : July 25, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 An integer overflow in tcpdump could allow a remote attacker to execute arbitrary code via crafted TLVs in a BGP packet.
 
 Updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGp20vmqjQ0CJFipgRAmsLAJ0SIow8rgYGHAdd2kOuYYRZEJU5JgCg55ub
Tm6UF+FjCyRy8fGK6kri+PY=
=quRo
-----END PGP SIGNATURE-----

 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:149
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : bind
 Date    : December 31, 1969
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 The DNS query id generation code in BIND9 is vulnerable to cryptographic analysis which provides a 1-in-8 chance of guessing the next query ID for 50% of the query IDs, which could be used by a remote attacker to perform cache poisoning (CVE-2007-2926).
 
 As well, in BIND9 9.4.x, the default ACLs were not being correctly set, which could allow anyone to make recursive queries and/or query the cache contents (CVE-2007-2925).
 
 This update provides packages which are patched to prevent these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
 http://www.isc.org/index.pl?/sw/bind/bind-security.php
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGp5JimqjQ0CJFipgRAqD6AJ9OTBYJpKC/KgUUCTznXm0MpPuWTQCfcVP9
ZQO+2o8wd82rf9m4/arm09M=
=vTH7
-----END PGP SIGNATURE-----
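
The BIND advisory's second issue concerns default ACLs for recursion and cache queries, so a named.conf that states those ACLs explicitly does not depend on the defaults. The following is an added example (not from Mandriva, CPNI or ISC) that audits the global options block for the allow-recursion and allow-query-cache statements; the sample configurations are constructed, and view-level options are out of scope.

```python
import re

# named.conf options that govern recursion and cache access.
ACL_OPTIONS = ("allow-recursion", "allow-query-cache")
OPEN_ELEMENTS = ("any", "0.0.0.0/0", "::/0")


def strip_comments(text):
    """Remove /* */, // and # comments (assumes none occur inside strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def block_after(text, keyword):
    """Return the body of `keyword { ... }` by brace matching, or None."""
    m = re.search(r"(?<![\w-])%s\s*\{" % re.escape(keyword), text)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[m.end():i]
    return None  # unbalanced braces


def audit_named_conf(text):
    """Return a list of findings for the global options block."""
    body = block_after(strip_comments(text), "options")
    if body is None:
        return ["no options block: every ACL relies on built-in defaults"]
    recursion_off = re.search(r"(?<![\w-])recursion\s+no\s*;", body) is not None
    findings = []
    for opt in ACL_OPTIONS:
        acl = block_after(body, opt)
        if acl is None:
            # With recursion disabled, allow-recursion has nothing to guard.
            if opt == "allow-recursion" and recursion_off:
                continue
            findings.append("%s not set: relies on the built-in default ACL" % opt)
            continue
        elements = [e.strip().strip('"') for e in acl.split(";") if e.strip()]
        if any(e in OPEN_ELEMENTS for e in elements):
            findings.append("%s open to any client" % opt)
    return findings


# Constructed sample configurations.
RELIES_ON_DEFAULTS = """
options {
    directory "/var/named";   // constructed sample
    /* no ACL statements at all */
};
"""

EXPLICIT = """
acl trusted { 192.0.2.0/24; localhost; };
options {
    directory "/var/named";
    allow-query       { any; };
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };
};
"""

OPEN = """
options {
    allow-recursion { any; };   # open to every client
    allow-query-cache { localnets; localhost; };
};
"""

if __name__ == "__main__":
    samples = (("defaults", RELIES_ON_DEFAULTS), ("explicit", EXPLICIT), ("open", OPEN))
    for label, conf in samples:
        print(label, audit_named_conf(conf) or "no findings")
```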

 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:150
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : clamav
 Date    : July 25, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in the RAR VM in ClamAV allowed user-assisted remote attackers to cause a crash via a crafted RAR archive which resulted in a NULL pointer dereference.
 
 Other bugs have also been corrected in 0.91.1 which is being provided with this update.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3725
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGp7IGmqjQ0CJFipgRAhriAKC+4jhYAgFtzMrinpv0xgx9iGYYFgCdFSQW
TQG7/bzoIJGeWikzMQr+KsA=
=kAPB
-----END PGP SIGNATURE-----


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Advisory                                   MDKA-2007:082
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : autofs
 Date    : July 21, 2007
 Affected: Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 The previous autofs packages would not properly umount auto-mounted devices regardless of the timeout setting, which could leave lingering mounts, such as NFS exports, mounted indefinitely.
 
 This update fixes the problem.
 _______________________________________________________________________

 Updated Packages:
 
 Corporate 4.0:
 29d9a78fc7868bfb8126028872316c09  corporate/4.0/i586/autofs-4.1.4-4.3.20060mlcs4.i586.rpm
 50c0f02a20c6ddb23e5d46b83a4d7e0d  corporate/4.0/SRPMS/autofs-4.1.4-4.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 90517d2a23b9555ed397508200e4455b  corporate/4.0/x86_64/autofs-4.1.4-4.3.20060mlcs4.x86_64.rpm
 50c0f02a20c6ddb23e5d46b83a4d7e0d  corporate/4.0/SRPMS/autofs-4.1.4-4.3.20060mlcs4.src.rpm
 _______________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGokn0mqjQ0CJFipgRArJNAJ4laXNnLF8kL9UWQv7yJNo3xyGrVACeLbMb
UXHtPMgwdznV19KoPMFAZbU=
=fgeG
-----END PGP SIGNATURE-----

 

This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.

The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.

CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.
