Summary: app-antivirus/clamav 0.86.2 fixes integer overflows
Product: Gentoo Security
Reporter: Sune Kloppenborg Jeppesen <jaervosz>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: critical
CC: antivirus, net-mail+disabled, reb
Whiteboard: A1 [glsa] jaervosz
Package list:
Runtime testing required: ---
Description Sune Kloppenborg Jeppesen 2005-07-24 22:21:28 UTC
From Changelog:
libclamav/fsg.c: Fix possible integer overflow (acab). Reported by Alex Wheeler.
libclamav/chmunpack.c: Fix possible malloc overflow (trog). Reported by Alex Wheeler.
libclamav/tnef.c: Fix possible crash if the length field is 0 or negative in headers (njh). Reported by Alex Wheeler (alexbling at gmail.com).
Comment 1 Sune Kloppenborg Jeppesen 2005-07-24 22:25:06 UTC
net-mail/antivirus please advise and provide an updated ebuild if needed. I'm not sure how easy these are to exploit, not much detail provided.
Comment 2 Andrej Kacian (RETIRED) 2005-07-25 02:44:14 UTC
Eh, I committed the ebuild first thing this morning, when I found the sf.net release announcement in my mail, before reading this bug. So, there it goes, unstable for all used arches. :)
Comment 3 Andrej Kacian (RETIRED) 2005-07-25 02:59:04 UTC
Looks like the third mentioned overflow would be easy to exploit, since all it takes is a wrong value in the headers of incoming data. The second one should be exploitable as well, judging from the code, since it deals with a too-long filename. As for the first mentioned changelog entry, it's some sort of boundary checking, but I don't know the clamav code too well, so I couldn't say whether it was something with internal data or with outside data.
Comment 4 Stefan Cornelius (RETIRED) 2005-07-25 09:42:04 UTC
*** Bug 100248 has been marked as a duplicate of this bug. ***
Comment 5 Sune Kloppenborg Jeppesen 2005-07-25 10:38:02 UTC
Arches please test and mark stable.
Comment 6 René Nussbaumer (RETIRED) 2005-07-25 11:28:31 UTC
Stable on hppa
Comment 7 Herbie Hopkins (RETIRED) 2005-07-25 12:03:50 UTC
Stable on amd64.
Comment 8 Gustavo Zacarias (RETIRED) 2005-07-25 12:06:08 UTC
Comment 9 Tobias Scherbaum (RETIRED) 2005-07-25 12:30:53 UTC
Comment 10 Andrej Kacian (RETIRED) 2005-07-25 13:01:41 UTC
Comment 11 Markus Rothe (RETIRED) 2005-07-25 23:36:56 UTC
stable on ppc64
Comment 12 Sune Kloppenborg Jeppesen 2005-07-26 13:31:58 UTC
Stable on alpha, bug 100178. Thx kloeri
Comment 13 Sune Kloppenborg Jeppesen 2005-07-26 13:57:10 UTC