-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:185 http://www.mandriva.com/security/ _______________________________________________________________________ Package : bzip2 Date : September 20, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: An integer overflow has been found and corrected in bzip2 which could be exploited by using a specially crafted bz2 file and cause a denial of service attack (CVE-2010-0405). Additionally clamav has been upgraded to 0.96.2 and has been patched for this issue. perl-Compress-Bzip2 in MES5 has been linked against the system bzip2 library to resolv this issue. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 208f420c851e7a862cbc49048df3460d 2008.0/i586/bzip2-1.0.4-2.2mdv2008.0.i586.rpm d5c478b39b0a06aaad6b77558be03da6 2008.0/i586/clamav-0.96.2-0.1mdv2008.0.i586.rpm 54201efe88ab1f5064b7efbbd7e65708 2008.0/i586/clamav-db-0.96.2-0.1mdv2008.0.i586.rpm 042e719c811b237046c99a06d98e4607 2008.0/i586/clamav-milter-0.96.2-0.1mdv2008.0.i586.rpm 4105a40a7442d1f93d43b9379eafdc58 2008.0/i586/clamd-0.96.2-0.1mdv2008.0.i586.rpm cbd8dbd04e5c2d64be079454df287f4c 2008.0/i586/libbzip2_1-1.0.4-2.2mdv2008.0.i586.rpm 1303149fada878eef9e528118462e196 2008.0/i586/libbzip2_1-devel-1.0.4-2.2mdv2008.0.i586.rpm 8951662548f5990e373bfab9ab270759 2008.0/i586/libclamav6-0.96.2-0.1mdv2008.0.i586.rpm 42ebe0de39a03f4bd225514dca97cb8f 2008.0/i586/libclamav-devel-0.96.2-0.1mdv2008.0.i586.rpm 3f520987cd857a35f7450c902b6099b5 2008.0/SRPMS/bzip2-1.0.4-2.2mdv2008.0.src.rpm 08f4ef7e1a9a3a763e20fe53a53a10c7 2008.0/SRPMS/clamav-0.96.2-0.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 318361945d90569a6492d5e91eee7ca8 2008.0/x86_64/bzip2-1.0.4-2.2mdv2008.0.x86_64.rpm 35d8a1813410f7ee1283ce59f06898c5 2008.0/x86_64/clamav-0.96.2-0.1mdv2008.0.x86_64.rpm ef048ad00bbf398e18d627845661dcb9 2008.0/x86_64/clamav-db-0.96.2-0.1mdv2008.0.x86_64.rpm c054765a0bd19f8f0910927e9a57a8a1 2008.0/x86_64/clamav-milter-0.96.2-0.1mdv2008.0.x86_64.rpm 18e20751418165c622475361c84a4d46 2008.0/x86_64/clamd-0.96.2-0.1mdv2008.0.x86_64.rpm daf0c53ef4d5da6412627570fb3723a6 2008.0/x86_64/lib64bzip2_1-1.0.4-2.2mdv2008.0.x86_64.rpm 8c9efa494dae55b040b509d483741193 2008.0/x86_64/lib64bzip2_1-devel-1.0.4-2.2mdv2008.0.x86_64.rpm ee66da08a714d5bb45b17009ae34feb3 2008.0/x86_64/lib64clamav6-0.96.2-0.1mdv2008.0.x86_64.rpm baccbabbf2d697a10b415c941cb16bbc 2008.0/x86_64/lib64clamav-devel-0.96.2-0.1mdv2008.0.x86_64.rpm 3f520987cd857a35f7450c902b6099b5 2008.0/SRPMS/bzip2-1.0.4-2.2mdv2008.0.src.rpm 08f4ef7e1a9a3a763e20fe53a53a10c7 2008.0/SRPMS/clamav-0.96.2-0.1mdv2008.0.src.rpm Mandriva Linux 2009.0: fd6db21c99977e5a63ffdaf2ea8508b2 2009.0/i586/bzip2-1.0.5-3.1mdv2009.0.i586.rpm a9e0deb0ef8c0f74357f5e1d035365e6 2009.0/i586/clamav-0.96.2-0.1mdv2009.0.i586.rpm 59f24ea15e867d6da8ee312fa47adf6b 2009.0/i586/clamav-db-0.96.2-0.1mdv2009.0.i586.rpm c2ec68a64a6bf8424d1a3c50183f9249 2009.0/i586/clamav-milter-0.96.2-0.1mdv2009.0.i586.rpm d267e9c4e7c89a20feb90c71845db826 2009.0/i586/clamd-0.96.2-0.1mdv2009.0.i586.rpm 398f6174cc4bce5b9003b88b8e521069 2009.0/i586/libbzip2_1-1.0.5-3.1mdv2009.0.i586.rpm 9eb59f0435e387d5ee83320538def286 2009.0/i586/libbzip2-devel-1.0.5-3.1mdv2009.0.i586.rpm c2cb928173bf1d157798cbd2b4a7da0b 2009.0/i586/libclamav6-0.96.2-0.1mdv2009.0.i586.rpm 61dc9e23e85f761e90012d887d92c87a 2009.0/i586/libclamav-devel-0.96.2-0.1mdv2009.0.i586.rpm 9ed76151adc2caca3fd032e6f79af616 2009.0/SRPMS/bzip2-1.0.5-3.1mdv2009.0.src.rpm dd04096ea413293b2750911ae595d92e 2009.0/SRPMS/clamav-0.96.2-0.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 9600b4ede2067eab744853e2ca8b0659 2009.0/x86_64/bzip2-1.0.5-3.1mdv2009.0.x86_64.rpm 4f231995c4926085bfb4ea5996799ea2 2009.0/x86_64/clamav-0.96.2-0.1mdv2009.0.x86_64.rpm e1b45400f643ec8ec303922546920f5b 2009.0/x86_64/clamav-db-0.96.2-0.1mdv2009.0.x86_64.rpm 3efc9367300fd41627c575ec228d0a92 2009.0/x86_64/clamav-milter-0.96.2-0.1mdv2009.0.x86_64.rpm bf872e312a88cd8305fbea9c19d98ea4 2009.0/x86_64/clamd-0.96.2-0.1mdv2009.0.x86_64.rpm 69b4a223134c00102eb40856a4677062 2009.0/x86_64/lib64bzip2_1-1.0.5-3.1mdv2009.0.x86_64.rpm adf80fee100128e0bef393b905b23284 2009.0/x86_64/lib64bzip2-devel-1.0.5-3.1mdv2009.0.x86_64.rpm 3b0bb3ba3037ab3dfe6d0456e5972742 2009.0/x86_64/lib64clamav6-0.96.2-0.1mdv2009.0.x86_64.rpm 37376f851e9a9403268f4097e79a6a0e 2009.0/x86_64/lib64clamav-devel-0.96.2-0.1mdv2009.0.x86_64.rpm 9ed76151adc2caca3fd032e6f79af616 2009.0/SRPMS/bzip2-1.0.5-3.1mdv2009.0.src.rpm dd04096ea413293b2750911ae595d92e 2009.0/SRPMS/clamav-0.96.2-0.1mdv2009.0.src.rpm Mandriva Linux 2009.1: b58bfd224d685bc933eefba5ff554726 2009.1/i586/bzip2-1.0.5-5.1mdv2009.1.i586.rpm 0fe8becd5967d67a406cb2bc9432aa7b 2009.1/i586/libbzip2_1-1.0.5-5.1mdv2009.1.i586.rpm 917c1ff311fd8e710bb050cf139031a2 2009.1/i586/libbzip2-devel-1.0.5-5.1mdv2009.1.i586.rpm 3fe179dd2193eaae17fbb6dd58ec1ba4 2009.1/SRPMS/bzip2-1.0.5-5.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 016a47124cd079e2bf6e55d7c9088193 2009.1/x86_64/bzip2-1.0.5-5.1mdv2009.1.x86_64.rpm 8f641d22a43c4aff4ccac848e379f881 2009.1/x86_64/lib64bzip2_1-1.0.5-5.1mdv2009.1.x86_64.rpm 4e4df8103f61e92f5111c2437ec77e00 2009.1/x86_64/lib64bzip2-devel-1.0.5-5.1mdv2009.1.x86_64.rpm 3fe179dd2193eaae17fbb6dd58ec1ba4 2009.1/SRPMS/bzip2-1.0.5-5.1mdv2009.1.src.rpm Mandriva Linux 2010.0: 6268e6b188d0670265dbb90c0c5956d3 2010.0/i586/bzip2-1.0.5-6.1mdv2010.0.i586.rpm 7b34af049f2266a982e9dc179f00cafe 2010.0/i586/libbzip2_1-1.0.5-6.1mdv2010.0.i586.rpm 53773a2856399de8ce8c9317a673e153 2010.0/i586/libbzip2-devel-1.0.5-6.1mdv2010.0.i586.rpm 045fc708dce0b8c053499d4f60c5d665 2010.0/SRPMS/bzip2-1.0.5-6.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 91e8c91b5cf57604923a5fb0cb4e67fd 2010.0/x86_64/bzip2-1.0.5-6.1mdv2010.0.x86_64.rpm bd86abbb47f2c2547f057be43befcac9 2010.0/x86_64/lib64bzip2_1-1.0.5-6.1mdv2010.0.x86_64.rpm 1e0f8c2fe423d6dd6624a71e7fc47922 2010.0/x86_64/lib64bzip2-devel-1.0.5-6.1mdv2010.0.x86_64.rpm 045fc708dce0b8c053499d4f60c5d665 2010.0/SRPMS/bzip2-1.0.5-6.1mdv2010.0.src.rpm Mandriva Linux 2010.1: 99c50a7ded69e267182dd52fe92f1283 2010.1/i586/bzip2-1.0.5-7.1mdv2010.1.i586.rpm 314e947ffbf24717b15ddc603d5388c5 2010.1/i586/libbzip2_1-1.0.5-7.1mdv2010.1.i586.rpm ac1d6098d1da019e890754ea6cc345d8 2010.1/i586/libbzip2-devel-1.0.5-7.1mdv2010.1.i586.rpm 693436a36b7d0c172b5cee2fb56a707c 2010.1/SRPMS/bzip2-1.0.5-7.1mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: 714eed658a65f01629a9094cc601cbd2 2010.1/x86_64/bzip2-1.0.5-7.1mdv2010.1.x86_64.rpm 7683e73aef5c9b6fa2b3a054ee8f456c 2010.1/x86_64/lib64bzip2_1-1.0.5-7.1mdv2010.1.x86_64.rpm c9c129fc2d1dad1b3b5b7c64baad3bbe 2010.1/x86_64/lib64bzip2-devel-1.0.5-7.1mdv2010.1.x86_64.rpm 693436a36b7d0c172b5cee2fb56a707c 2010.1/SRPMS/bzip2-1.0.5-7.1mdv2010.1.src.rpm Corporate 4.0: b1ba1ad1832a7ba096f8dd6059396d67 corporate/4.0/i586/bzip2-1.0.3-1.4.20060mlcs4.i586.rpm 6b23f0c89189d36f5854a7bd8149e9f5 corporate/4.0/i586/clamav-0.96.2-0.1.20060mlcs4.i586.rpm 3b5e8c8baccd90efef63ccfe653fcdfc corporate/4.0/i586/clamav-db-0.96.2-0.1.20060mlcs4.i586.rpm 07b13390e7515ea462c311f301b847c9 corporate/4.0/i586/clamav-milter-0.96.2-0.1.20060mlcs4.i586.rpm 2612d120d120ee94eba39480485b4d6f corporate/4.0/i586/clamd-0.96.2-0.1.20060mlcs4.i586.rpm 78b75820cbbe61c35eace2da5988081f corporate/4.0/i586/libbzip2_1-1.0.3-1.4.20060mlcs4.i586.rpm 327772a179a7afe71964217b2ed50ef8 corporate/4.0/i586/libbzip2_1-devel-1.0.3-1.4.20060mlcs4.i586.rpm a4ba0718507ba3a62aab7f5286c20dd7 corporate/4.0/i586/libclamav6-0.96.2-0.1.20060mlcs4.i586.rpm 361c8f3174f0768c7206145513e0dcc8 corporate/4.0/i586/libclamav-devel-0.96.2-0.1.20060mlcs4.i586.rpm 29309bbcf2bdc4794afb272999449f61 corporate/4.0/SRPMS/bzip2-1.0.3-1.4.20060mlcs4.src.rpm eedb0c69f489a0c59e791ab9729088a3 corporate/4.0/SRPMS/clamav-0.96.2-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 46aa0947c3cf56328487c3db78a3af2a corporate/4.0/x86_64/bzip2-1.0.3-1.4.20060mlcs4.x86_64.rpm a66339ac70941f997d275cccf20f3a36 corporate/4.0/x86_64/clamav-0.96.2-0.1.20060mlcs4.x86_64.rpm 17b73e6a89b24fe9447e18ce99551dfe corporate/4.0/x86_64/clamav-db-0.96.2-0.1.20060mlcs4.x86_64.rpm 4ea0a0fe486dc946fa9c07568b940006 corporate/4.0/x86_64/clamav-milter-0.96.2-0.1.20060mlcs4.x86_64.rpm 989fab470af0670fb3aeeef7f3ce4537 corporate/4.0/x86_64/clamd-0.96.2-0.1.20060mlcs4.x86_64.rpm c44b46cfbab7e8a473521bea6b9b9551 corporate/4.0/x86_64/lib64bzip2_1-1.0.3-1.4.20060mlcs4.x86_64.rpm fea82db6ffd3f58bbcea1bc4a64909dd corporate/4.0/x86_64/lib64bzip2_1-devel-1.0.3-1.4.20060mlcs4.x86_64.rpm e9ad04d2b7aaf351cf126293cb63e6b5 corporate/4.0/x86_64/lib64clamav6-0.96.2-0.1.20060mlcs4.x86_64.rpm ab5026465e94a70a72ca1cefdc524874 corporate/4.0/x86_64/lib64clamav-devel-0.96.2-0.1.20060mlcs4.x86_64.rpm 29309bbcf2bdc4794afb272999449f61 corporate/4.0/SRPMS/bzip2-1.0.3-1.4.20060mlcs4.src.rpm eedb0c69f489a0c59e791ab9729088a3 corporate/4.0/SRPMS/clamav-0.96.2-0.1.20060mlcs4.src.rpm Mandriva Enterprise Server 5: d827d299d5a4205bdc0faceb6b2d7f34 mes5/i586/bzip2-1.0.5-3.1mdvmes5.1.i586.rpm 1c83dd65b90f0d488a7fb19dc5db8b66 mes5/i586/clamav-0.96.2-0.1mdvmes5.1.i586.rpm a9ad04b15a2556a6408d727121e7ec62 mes5/i586/clamav-db-0.96.2-0.1mdvmes5.1.i586.rpm da5eae6ba6b44f5716f31b989bf2799d mes5/i586/clamav-milter-0.96.2-0.1mdvmes5.1.i586.rpm a8614740ba8707eceb0687ef6852620a mes5/i586/clamd-0.96.2-0.1mdvmes5.1.i586.rpm ced60348c12f4615cfbbebb928edf7cf mes5/i586/libbzip2_1-1.0.5-3.1mdvmes5.1.i586.rpm 3a35bf17183e938449aa73dabc5320cb mes5/i586/libbzip2-devel-1.0.5-3.1mdvmes5.1.i586.rpm ff58293b747aac4e574b249d78e60d69 mes5/i586/libclamav6-0.96.2-0.1mdvmes5.1.i586.rpm 407eb98f3a0b43f444ef6d58c3724978 mes5/i586/libclamav-devel-0.96.2-0.1mdvmes5.1.i586.rpm 8e7a6c673b50b8cf565db9c425e614f4 mes5/i586/perl-Compress-Bzip2-2.09-6.1mdvmes5.1.i586.rpm 3962dda9b4bfca75ce205e09da56daec mes5/SRPMS/bzip2-1.0.5-3.1mdvmes5.1.src.rpm 4c284198a38a800bde7d111ba7986750 mes5/SRPMS/clamav-0.96.2-0.1mdvmes5.1.src.rpm d48ef5d54841f35312a852f00b94dd04 mes5/SRPMS/perl-Compress-Bzip2-2.09-6.1mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: a9c39d551ae1dbec30029f099d3a2739 mes5/x86_64/bzip2-1.0.5-3.1mdvmes5.1.x86_64.rpm 3edbf1083c02602aea55b24059e93b20 mes5/x86_64/clamav-0.96.2-0.1mdvmes5.1.x86_64.rpm adeadebc3810dd00bfe62923d03b647f mes5/x86_64/clamav-db-0.96.2-0.1mdvmes5.1.x86_64.rpm 93e04c4d98acdda846957314323d4d42 mes5/x86_64/clamav-milter-0.96.2-0.1mdvmes5.1.x86_64.rpm bcc29f7977da80e5f91bf1e40aec1c25 mes5/x86_64/clamd-0.96.2-0.1mdvmes5.1.x86_64.rpm aab9831f478c6d3dfd8c45cc646602fb mes5/x86_64/lib64bzip2_1-1.0.5-3.1mdvmes5.1.x86_64.rpm 47202cc8e93b191cc9c2fd49a7f17b84 mes5/x86_64/lib64bzip2-devel-1.0.5-3.1mdvmes5.1.x86_64.rpm 06014379c24c7e4d9009252333c1c597 mes5/x86_64/lib64clamav6-0.96.2-0.1mdvmes5.1.x86_64.rpm e7d924b393cac661385cbb4b3c4068e2 mes5/x86_64/lib64clamav-devel-0.96.2-0.1mdvmes5.1.x86_64.rpm 6e7a4164d865f1e5f4a4f45514fbe6d2 mes5/x86_64/perl-Compress-Bzip2-2.09-6.1mdvmes5.1.x86_64.rpm 3962dda9b4bfca75ce205e09da56daec mes5/SRPMS/bzip2-1.0.5-3.1mdvmes5.1.src.rpm 4c284198a38a800bde7d111ba7986750 mes5/SRPMS/clamav-0.96.2-0.1mdvmes5.1.src.rpm d48ef5d54841f35312a852f00b94dd04 mes5/SRPMS/perl-Compress-Bzip2-2.09-6.1mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMl3DlmqjQ0CJFipgRAqmNAKDCrDqw4UpvV0qI0+JhzlhW5RrdIwCdHIGz 2jU/naEdoGP+YspVRSC+uAg= =zwtV -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/