CVE-2008-5747 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5747): F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass anti-virus protection via a crafted ELF program with a "corrupted" header that still allows the program to be executed. NOTE: due to an error in the initial disclosure, F-secure was incorrectly stated as the vendor.
from $URL: "frisk f-prot com Version 4.6.8 is an old, obsolete version of F-PROT that is no longer supported by the developers. We no longer release regular virus definition updates for this version, and as far as we know, we have no paying customers of F-PROT 4.6.8 for Linux. The security issue is not present in the current version." Antivirus, please update to 6.0.2 (see http://www.f-prot.com/download/home_user/) and remove 4.6.7. This would also fix #233928 and #232665! :)
once the 6.* version goes stable, we can finally remove the 4.x version.
Arches, please test and mark stable: =app-antivirus/f-prot-6.0.2 Target keywords : "amd64 x86"
This does not fix #233928! Fabian, the latest versions are: Linux Workstation 32 bit 6.0.2 Linux Workstation 64 bit 6.0.2 FreeBSD Workstation 6.0.1 But f-prot-6.0.1.ebuild has: KEYWORDS="~amd64 -sparc ~x86" Shouldn't it have ~ppc, too?! CVE-2008-3243 only *seems* to affect Versions <6.0.9.0 on Windows, NIST lists the Windows changelog as CONFIRM for it.
(In reply to comment #4) > This does not fix #233928! > > Fabian, the latest versions are: > > Linux Workstation 32 bit 6.0.2 > Linux Workstation 64 bit 6.0.2 > FreeBSD Workstation 6.0.1 > > But f-prot-6.0.1.ebuild has: > KEYWORDS="~amd64 -sparc ~x86" > > Shouldn't it have ~ppc, too?! ~ppc and ~x86-fbsd are not in there, as I couldn't test on those arches, and they were not previously keyworded. Since 6.0.1 is still vulnerable, I'm first waiting for you guys, before I will ask the respective arch-teams to look at it. > CVE-2008-3243 only *seems* to affect Versions <6.0.9.0 on Windows, NIST lists > the Windows changelog as CONFIRM for it. That means all versions for non-Windows are affected and useless. (If we ignore the version that fpscan spits out, and go by the version as announced on the download webpage.)
Well, but we still should stabalize 6.0.2, because it fixes CVE-2008-5747. The other bugs will be handled when updates are available. Sorry for this, re-adding arches. Arches, please test and mark stable: =app-antivirus/f-prot-6.0.2 Target keywords : "amd64 x86"
amd64/x86 stable, all arches done.
Ready for vote, I vote YES.
Yes, too. Request filed.
GLSA 200904-14