Bug#: 100178
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>

Description:   Opened: 2005-07-24 22:21 0000
From Changelog:

libclamav/fsg.c: Fix possible integer overflow (acab) Reported by Alex Wheeler.
libclamav/chmunpack.c: Fix possible malloc overflow (trog) Reported by Alex Wheeler.
libclamav/tnef.c: Fix possible crash if the length field is 0 or negative in headers (njh) Reported by Alex Wheeler (alexbling at gmail.com)

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-07-24 22:25:06 0000 -------
net-mail/antivirus please advise and provide an updated ebuild if needed. I'm 
not sure how easy these are to exploit, not much detail provided. 

------- Comment #2 From Andrej Kacian (RETIRED) 2005-07-25 02:44:14 0000 -------
Eh, I have committed the ebuild first thing this morning, when I found sf.net
release announce in my mail, before reading this bug. So, there goes, unstable
for all used arches. :)

------- Comment #3 From Andrej Kacian (RETIRED) 2005-07-25 02:59:04 0000 -------
Looks like the third mentioned overflow would be easy to exploit, since all it
takes is a wrong value in headers of incoming data. Second one should be
exploitable as well, judging from the code, since it deals with a too long filename.

As for the first mentioned changelog entry, it's some sort of boundary checking,
but I don't know clamav code too well, so I couldn't say whether it was
something with internal data, or with outside data.

------- Comment #4 From Stefan Cornelius (RETIRED) 2005-07-25 09:42:04 0000 -------
*** Bug 100248 has been marked as a duplicate of this bug. ***

------- Comment #5 From Sune Kloppenborg Jeppesen 2005-07-25 10:38:02 0000 -------
Arches please test and mark stable. 

------- Comment #6 From René Nussbaumer 2005-07-25 11:28:31 0000 -------
Stable on hppa

------- Comment #7 From Herbie Hopkins (RETIRED) 2005-07-25 12:03:50 0000 -------
Stable on amd64.

------- Comment #8 From Gustavo Zacarias (RETIRED) 2005-07-25 12:06:08 0000 -------
sparc stable.

------- Comment #9 From Tobias Scherbaum 2005-07-25 12:30:53 0000 -------
ppc stable

------- Comment #10 From Andrej Kacian (RETIRED) 2005-07-25 13:01:41 0000 -------
x86 happy

------- Comment #11 From Markus Rothe 2005-07-25 23:36:56 0000 -------
stable on ppc64

------- Comment #12 From Sune Kloppenborg Jeppesen 2005-07-26 13:31:58 0000 -------
Stable on alpha, bug 100178.  
 
Thx kloeri 

------- Comment #13 From Sune Kloppenborg Jeppesen 2005-07-26 13:57:10 0000 -------
GLSA 200507-25 
