Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 209915 (CVE-2008-0318)

Summary: app-antivirus/clamav < 0.92.1 multiple vulnerabilities (CVE-2008-0318,CVE-2008-0728)
Product: Gentoo Security Reporter: Pierre-Yves Rofes (RETIRED) <py>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: antivirus, net-mail+disabled
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/28907/
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-12 20:41:50 UTC 
Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

1) An integer overflow error exists within the "cli_scanpe()" function in libclamav/pe.c. No further information is currently available.

2) An error within the "unmew11()" function in libclamav/mew.c can be exploited to corrupt heap memory.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 0.92.1.

Solution:
Update to version 0.92.1.
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-12 20:43:27 UTC 
net-mail/antivirus, ok for fast-tracking stabilization of 0.92.1?
Comment 2 Lars Hartmann 2008-02-14 16:56:51 UTC 
could someone please add "CVE-2008-0728" to the summary? (i dont have the needed permissions)
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-14 19:03:10 UTC 
Maintainers please advise.
Comment 4 Andrej Kacian (RETIRED) gentoo-dev 2008-02-16 17:45:49 UTC 
I'm OK for 0.92.1 stabilization.
Comment 5 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-16 20:23:10 UTC 
Arches please test and mark stable app-antivirus/clamav-0.92.1, target "alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
Comment 6 Markus Meier gentoo-dev 2008-02-16 20:42:45 UTC 
x86 stable
Comment 7 Christoph Mende (RETIRED) gentoo-dev 2008-02-17 13:22:20 UTC 
amd64 stable
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2008-02-18 14:57:18 UTC 
alpha/ia64/sparc stable
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2008-02-18 15:45:51 UTC 
Stable for HPPA.
Comment 10 Brent Baude (RETIRED) gentoo-dev 2008-02-18 17:27:29 UTC 
ppc64 done
Comment 11 Tobias Scherbaum (RETIRED) gentoo-dev 2008-02-19 18:04:25 UTC 
ppc stable
Comment 12 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-19 20:13:59 UTC 
hmm, don't know why I rated this B3 at first... glsa request filed.
Comment 13 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-21 22:53:49 UTC 
GLSA 200802-09
Comment 14 Peter Volkov (RETIRED) gentoo-dev 2008-02-24 19:43:21 UTC 
Fixed in release snapshot.