Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 131791

Summary: app-antivirus/clamav: buffer overflow in freshclam (CVE-2006-1989)
Product: Gentoo Security Reporter: Hanno Böck <hanno>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: antivirus, net-mail+disabled
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2? [glsa] DerCorny
Package list:
Runtime testing required: ---

Description Hanno Böck gentoo-dev 2006-04-30 05:25:20 UTC
From release notes:
"This release improves virus detection, fixes zip handling on 64-bit architectures and possible security problem in freshclam."
" - freshclam/manager.c: fix possible buffer overflow Reported by Ulf Harnhammar <metaur*> and Peter <remllov_*> See for details."
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-04-30 05:49:54 UTC
antivirus/net-mail pls provide fixed ebuilds, thank you
Comment 2 Andrej Kacian (RETIRED) gentoo-dev 2006-05-01 03:15:45 UTC
The ebuild is already in the tree since 2006-04-30 04:46 PST, see bug #129702. :)
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-05-01 07:20:58 UTC
Arches please test and mark clamav-0.88.2 stable.
Comment 4 Jakub Moc (RETIRED) gentoo-dev 2006-05-01 08:41:25 UTC
*** Bug 131919 has been marked as a duplicate of this bug. ***
Comment 5 Fernando J. Pereda (RETIRED) gentoo-dev 2006-05-01 08:44:04 UTC
Is it a plane? a bird? NO! It is a shiny Alpha keyword!
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2006-05-01 09:34:36 UTC
ppc stable
Comment 7 Mark Loeser (RETIRED) gentoo-dev 2006-05-01 09:47:30 UTC
x86 stable
Comment 8 René Nussbaumer (RETIRED) gentoo-dev 2006-05-01 10:38:44 UTC
stable on hppa
Comment 9 Jon Hood (RETIRED) gentoo-dev 2006-05-01 12:17:02 UTC
stable on amd64
Comment 10 Markus Rothe (RETIRED) gentoo-dev 2006-05-01 14:16:55 UTC
stable on ppc64
Comment 11 Jason Wever (RETIRED) gentoo-dev 2006-05-01 15:47:14 UTC
SPARC, it's what's for dinner
Comment 12 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-05-01 21:03:56 UTC
GLSA drafted, Security please review.
Comment 13 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-05-02 11:31:44 UTC
GLSA 200605-03

Don't forget to mark stable to benifit from the GLSA.
Comment 14 solar (RETIRED) gentoo-dev 2006-05-31 03:14:06 UTC
ia64 poke poke. (stable request)