Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 131791

Summary: app-antivirus/clamav: buffer overflow in freshclam (CVE-2006-1989)
Product: Gentoo Security Reporter: Hanno Böck <hanno>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: antivirus, net-mail+disabled
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.clamav.net/security/0.88.2.html
Whiteboard: B2? [glsa] DerCorny
Package list:
Runtime testing required: ---

Description Hanno Böck gentoo-dev 2006-04-30 05:25:20 UTC 
From release notes:
"This release improves virus detection, fixes zip handling on 64-bit architectures and possible security problem in freshclam."
[...]
" - freshclam/manager.c: fix possible buffer overflow Reported by Ulf Harnhammar <metaur*telia.com> and Peter <remllov_*gmx.de> See http://www.clamav.net/security/0.88.2.html for details."
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-04-30 05:49:54 UTC 
antivirus/net-mail pls provide fixed ebuilds, thank you
Comment 2 Andrej Kacian (RETIRED) gentoo-dev 2006-05-01 03:15:45 UTC 
The ebuild is already in the tree since 2006-04-30 04:46 PST, see bug #129702. :)
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-05-01 07:20:58 UTC 
Arches please test and mark clamav-0.88.2 stable.
Comment 4 Jakub Moc (RETIRED) gentoo-dev 2006-05-01 08:41:25 UTC 
*** Bug 131919 has been marked as a duplicate of this bug. ***
Comment 5 Fernando J. Pereda (RETIRED) gentoo-dev 2006-05-01 08:44:04 UTC 
Is it a plane? a bird? NO! It is a shiny Alpha keyword!
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2006-05-01 09:34:36 UTC 
ppc stable
Comment 7 Mark Loeser (RETIRED) gentoo-dev 2006-05-01 09:47:30 UTC 
x86 stable
Comment 8 René Nussbaumer (RETIRED) gentoo-dev 2006-05-01 10:38:44 UTC 
stable on hppa
Comment 9 Jon Hood (RETIRED) gentoo-dev 2006-05-01 12:17:02 UTC 
stable on amd64
Comment 10 Markus Rothe (RETIRED) gentoo-dev 2006-05-01 14:16:55 UTC 
stable on ppc64
Comment 11 Jason Wever (RETIRED) gentoo-dev 2006-05-01 15:47:14 UTC 
SPARC, it's what's for dinner
Comment 12 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-05-01 21:03:56 UTC 
GLSA drafted, Security please review.
Comment 13 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-05-02 11:31:44 UTC 
GLSA 200605-03

Don't forget to mark stable to benifit from the GLSA.
Comment 14 solar (RETIRED) gentoo-dev 2006-05-31 03:14:06 UTC 
ia64 poke poke. (stable request)