Gentoo Bug 249833 - app-antivirus/clamav<0.94.2 DOS in libclamav/special.c (CVE-2008-5314)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	249833
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Stefan Behte <craig@gentoo.org>
Add CC:
CC:

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 249833 depends on:			Show dependency tree
Bug 249833 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-12-04 18:53 0000

CVE-2008-5314 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5314):
  Stack consumption vulnerability in libclamav/special.c in ClamAV
  before 0.94.2 allows remote attackers to cause a denial of service
  (daemon crash) via a crafted JPEG file, related to the
  cli_check_jpeg_exploit, jpeg_check_photoshop, and
  jpeg_check_photoshop_8bim functions.

------- Comment #1 From Stefan Behte 2008-12-04 19:01:31 0000 -------

Thanks to Tobi, we already have 0.94.2 in tree.

Arches, please test and mark stable:
=app-antivirus/clamav-0.94.2
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"

------- Comment #2 From Markus Meier 2008-12-04 22:37:16 0000 -------

amd64/x86 stable

------- Comment #3 From Raúl Porcel 2008-12-05 10:01:35 0000 -------

alpha/ia64/sparc stable

------- Comment #4 From Jeroen Roovers 2008-12-06 18:20:05 0000 -------

Stable for HPPA.

------- Comment #5 From Tobias Scherbaum 2008-12-06 18:53:20 0000 -------

ppc stable

------- Comment #6 From Brent Baude 2008-12-08 19:37:48 0000 -------

ppc6 done

------- Comment #7 From Tobias Heinlein 2008-12-09 22:41:26 0000 -------

GLSA request filed.

------- Comment #8 From Pierre-Yves Rofes 2008-12-23 22:18:26 0000 -------

GLSA 200812-21

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 249833

app-antivirus/clamav<0.94.2 DOS in libclamav/special.c (CVE-2008-5314)

Last modified: 2008-12-23 22:18:26 0000