Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!

Full Text Bug Listing

Two vulnerabilities in F-Prot Antivirus version 4.6.6 for Unix platforms could
allow a remote attacker to cause a denial of service or execute arbitrary code. 

New version 4.6.7 is available and not vulnerable. Gentoo portage is still at
4.6.5.
f-prot can be used as mail scanner in amavis, so the problem is specifically
servere.

Antivirus please advise and bump as necessary.

4.6.7 has just been added to portage.

Thx for the swift response ticho.

Arches please test and mark stable. Target keywords are:

f-prot-4.6.7.ebuild:KEYWORDS="amd64 -ppc -sparc x86"

x86 happy (come to think of it, we're *ALWAYS* happy)

La, la, la...

Emerged fine on amd64, successfully ran a scan of /tmp -- looks good.

Gentoo Base System version 1.12.5
Portage 2.1.1-r1 (default-linux/amd64/2006.1, gcc-4.1.1, glibc-2.4-r3,
2.6.15-gentoo-r72006040301 x86_64)
=================================================================
System uname: 2.6.15-gentoo-r72006040301 x86_64 AMD Athlon(tm) 64 Processor
3700+
Last Sync: Mon, 11 Dec 2006 01:20:01 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig collision-protect confcache digest distlocks
metadata-transfer multilib-strict sandbox sfperms strict"
GENTOO_MIRRORS="http://gentoo.chem.wisc.edu/gentoo/"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.us.gentoo.org/gentoo-portage"
USE="amd64 berkdb bitmap-fonts cli cracklib crypt cups dlloader dri elibc_glibc
fortran gdbm gpm iconv input_devices_evdev input_devices_keyboard
input_devices_mouse ipv6 isdnlog kernel_linux libg++ ncurses nls nptl nptlonly
pam pcre perl ppds pppd python readline reflection session spl ssl tcpd
truetype-fonts type1-fonts udev unicode userland_GNU video_cards_apm
video_cards_ark video_cards_ati video_cards_chips video_cards_cirrus
video_cards_cyrix video_cards_dummy video_cards_fbdev video_cards_glint
video_cards_i128 video_cards_i810 video_cards_mga video_cards_neomagic
video_cards_nv video_cards_rendition video_cards_s3 video_cards_s3virge
video_cards_savage video_cards_siliconmotion video_cards_sis video_cards_sisusb
video_cards_tdfx video_cards_tga video_cards_trident video_cards_tseng
video_cards_v4l video_cards_vesa video_cards_vga video_cards_via
video_cards_vmware video_cards_voodoo xorg zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS,
LINGUAS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS

Go Go Go! AMD64 gone! *teh poof* magic, innit :)
/me joins Ticho with his La, la, la's 

isn't it a B1 since f-prot is devoted to be used in a mail server?

Yeah Falco I think you're right.

GLSA 200612-12