[SECURITY] Fedora 7 Update: clamav-0.92-6.fc7

updates at fedoraproject.org updates at fedoraproject.org
Tue Jan 22 15:33:16 UTC 2008 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-0170
2008-01-22 05:27:55
--------------------------------------------------------------------------------

Name        : clamav
Product     : Fedora 7
Version     : 0.92
Release     : 6.fc7
URL         : http://www.clamav.net
Summary     : End-user tools for the Clam Antivirus scanner
Description :
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this
software is the integration with mail servers (attachment scanning). The
package provides a flexible and scalable multi-threaded daemon, a command
line scanner, and a tool for automatic updating via Internet. The programs
are based on a shared library distributed with the Clam AntiVirus package,
which you can use with your own software. The virus database is based on
the virus database from OpenAntiVirus, but contains additional signatures
(including signatures for popular polymorphic viruses, too) and is KEPT UP
TO DATE.

--------------------------------------------------------------------------------
Update Information:

Upstream clamav 0.92 fixes multiple security issues:
- CVE-2007-6335 (#426210)
- CVE-2007-6336 (#426343)
- CVE-2007-6337 (#426344)

Sendmail-specific parts moved to separate milter subpackage.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan  1 2008 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.92-6
- redisabled unrar stuff completely by using clean sources
* Tue Jan  1 2008 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.92-5
- use a better way to disable RPATH-generation (needed for '--with
  unrar' builds)
* Mon Dec 31 2007 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.92-4
- added a README.fedora to the milter package (#240610)
- ship original sources again; unrar is now licensed correctly (no more
  stolen code put under GPL). Nevertheless, this license is not GPL
  compatible, and to allow libclamav to be used by GPL applications,
  unrar is disabled by a ./configure switch.
- use pkg-config in clamav-config to emulate --cflags and --libs
  operations (fixes partly multilib issues)
- registered some more auto-updated files and marked them as %ghost
* Fri Dec 21 2007 Tom "spot" Callaway <tcallawa at redhat.com> - 0.92-3
- updated to 0.92 (SECURITY):
- CVE-2007-6335 MEW PE File Integer Overflow Vulnerability
* Mon Oct 29 2007 Tom "spot" Callaway <tcallawa at redhat.com> - 0.91.2-3
- remove RAR decompression code from source tarball because of 
  legal problems (resolves 334371)
- correct license tag
* Mon Sep 24 2007 Jesse Keating <jkeating at redhat.com> - 0.91.2-2
- Bump release for upgrade path.
* Sat Aug 25 2007 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.91.2-1
- updated to 0.91.2 (SECURITY):
- CVE-2007-4510 DOS in RTF parser
- DOS in html normalizer
- arbitrary command execution by special crafted recipients in
  clamav-milter's black-hole mode
- fixed an open(2) issue
* Tue Jul 17 2007 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.91.1-0
- updated to 0.91.1
* Thu Jul 12 2007 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.91-1
- updated to 0.91
* Thu May 31 2007 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.90.3-1
- updated to 0.90.3
- BR tcpd.h instead of tcp_wrappers(-devel) to make it build both
  in FC6- and F7+
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #240610 - clamav-milter socket doesn't agree with sendmail.cf
        https://bugzilla.redhat.com/show_bug.cgi?id=240610
  [ 2 ] Bug #426211 - CVE-2007-6335 CVE-2007-6336 CVE-2007-6337 clamav: multiple vulnerabilities [f7]
        https://bugzilla.redhat.com/show_bug.cgi?id=426211
--------------------------------------------------------------------------------
Updated packages:

50f398f9324c01588d440ee7d79ec18e24ca41e5 clamav-debuginfo-0.92-6.fc7.ppc64.rpm
b43e3a01c5591d363d3269d54fc45c5db6625bf3 clamav-milter-sysv-0.92-6.fc7.ppc64.rpm
704cc7d00636774528b8beb6e46656f299ba6c54 clamav-milter-0.92-6.fc7.ppc64.rpm
c610f65307ce8fa828fd9200b1036110480405c9 clamav-server-sysv-0.92-6.fc7.ppc64.rpm
75317cd209ec6aff3966ca1e3154f3579b33bec2 clamav-server-0.92-6.fc7.ppc64.rpm
4dce1c6a9776e5ed3c5c92ef1a78dc8de4686c66 clamav-update-0.92-6.fc7.ppc64.rpm
344058649c77ac75ba82ed32ba452f4a0839b3b4 clamav-data-empty-0.92-6.fc7.ppc64.rpm
3ce69922b964e7fa740ae3d011ab90919ecb9286 clamav-data-0.92-6.fc7.ppc64.rpm
f669f07214963fc79ffd48b408096d3aee9a7f53 clamav-devel-0.92-6.fc7.ppc64.rpm
243b2b8d8e8d53471044f20f2aa35a6d2ddc6c60 clamav-lib-0.92-6.fc7.ppc64.rpm
73023d97c6b2ac6f83cdc0a25282ba85cf7935d4 clamav-filesystem-0.92-6.fc7.ppc64.rpm
e5f444ce833cd4574f77c98efb0e82871095467e clamav-0.92-6.fc7.ppc64.rpm
eca40f00948a81bcb23958b2d58c31e99f16d213 clamav-debuginfo-0.92-6.fc7.i386.rpm
8d395c2e283531688afc81e7338a8bcf6515d3f2 clamav-milter-sysv-0.92-6.fc7.i386.rpm
20c64f6c7ef43943dfe76866ea8d2c59a3442083 clamav-milter-0.92-6.fc7.i386.rpm
cf143275cf6a36a21a70f6ac613d539c3407716b clamav-server-sysv-0.92-6.fc7.i386.rpm
aaaa7b2bb64c24263b7f27fcadc7e3d2e1a14083 clamav-server-0.92-6.fc7.i386.rpm
3f80c5435a5d2646e0387c1d6bc97560683c1b11 clamav-update-0.92-6.fc7.i386.rpm
4cd4daaefdface589edc0e75e71e36c2bd4d2f3b clamav-data-empty-0.92-6.fc7.i386.rpm
3b096fd61f70da8e31cdce18ef222fd1f89870b3 clamav-data-0.92-6.fc7.i386.rpm
f91553851c1f0ce410e86066d6c05436f171a084 clamav-devel-0.92-6.fc7.i386.rpm
b3c118747299329588b97db4910a20f64c85c491 clamav-lib-0.92-6.fc7.i386.rpm
09135443cd373406de5323fe2a27c78f0cb17509 clamav-filesystem-0.92-6.fc7.i386.rpm
e1f3a99fb99e1bcd809c92f73f596d4272209aa0 clamav-0.92-6.fc7.i386.rpm
ec7bd9504c23a299714509870269c8f4c6a4564b clamav-debuginfo-0.92-6.fc7.x86_64.rpm
f52dbc07b0cb8df25744ed8090f51a1bfd16e6e5 clamav-milter-sysv-0.92-6.fc7.x86_64.rpm
b8a39b0c224ec377675be59a2e5de20cfa954eb2 clamav-milter-0.92-6.fc7.x86_64.rpm
c276523c105131ce2be27f7de0953ec309f35788 clamav-server-sysv-0.92-6.fc7.x86_64.rpm
d0ce6de6139b30efd43c426bd18b904d2472e520 clamav-server-0.92-6.fc7.x86_64.rpm
78e7257323f720f8368a8c60d997db31d6d8ab0e clamav-update-0.92-6.fc7.x86_64.rpm
a1b2e3a757e1fdac893c48d2115e0e7de22caa03 clamav-data-empty-0.92-6.fc7.x86_64.rpm
e970d41be935e0d317e7571a8b826cc67275265a clamav-data-0.92-6.fc7.x86_64.rpm
ace5760f1ef02fca246b76028966267a92a03632 clamav-devel-0.92-6.fc7.x86_64.rpm
271149064fb6b92b3670cd2cef5a20ee753c0fd1 clamav-lib-0.92-6.fc7.x86_64.rpm
c0c073fbded78f7595ed3a01953f1784299daae2 clamav-filesystem-0.92-6.fc7.x86_64.rpm
d36b441464effe488284c8ea803698f71678197a clamav-0.92-6.fc7.x86_64.rpm
02a37903ab0ea307b2ffa25252240318a0c3f48c clamav-debuginfo-0.92-6.fc7.ppc.rpm
c5f8734546d88bd5ff6bbd5c4abdbe7190420b05 clamav-milter-sysv-0.92-6.fc7.ppc.rpm
1218db73f514b35449b606962aa3129ec256013a clamav-milter-0.92-6.fc7.ppc.rpm
a88a5d9dc35e440aae79f0229da6c9ef1054587b clamav-server-sysv-0.92-6.fc7.ppc.rpm
9ff2a747214f62ed6937f7dd7005dfd944afb75e clamav-server-0.92-6.fc7.ppc.rpm
2a4f624c3ea6cc75ae7163ea6109f0898a1c25c7 clamav-update-0.92-6.fc7.ppc.rpm
2aa3736d76d6872b5b46e7f93386a4a7d1306a5f clamav-data-empty-0.92-6.fc7.ppc.rpm
b2d9565601a2211207a660889b64acb327da0439 clamav-data-0.92-6.fc7.ppc.rpm
7fc3c4c94db40fc737fab58d1997480024697c96 clamav-devel-0.92-6.fc7.ppc.rpm
6f8ee63e9efa3450ae9717e0e9662d1583b8bfd5 clamav-lib-0.92-6.fc7.ppc.rpm
e0b7974c8481dba9dac6ca6b06b62aeea731d82d clamav-filesystem-0.92-6.fc7.ppc.rpm
ba1b876062bf1250734ce9a34f62489a571da4d6 clamav-0.92-6.fc7.ppc.rpm
bc3c5b0f76bd940f874961295ded1c7d8c2f2653 clamav-0.92-6.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update clamav' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

More information about the Fedora-package-announce mailing list