
Bug 249833 (CVE-2008-5314)

Summary: app-antivirus/clamav<0.94.2 DOS in libclamav/special.c (CVE-2008-5314)
Product: Gentoo Security
Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5314
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2008-12-04 18:53:00 UTC
CVE-2008-5314 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5314):
  Stack consumption vulnerability in libclamav/special.c in ClamAV
  before 0.94.2 allows remote attackers to cause a denial of service
  (daemon crash) via a crafted JPEG file, related to the
  cli_check_jpeg_exploit, jpeg_check_photoshop, and
  jpeg_check_photoshop_8bim functions.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-12-04 19:01:31 UTC
Thanks to Tobi, we already have 0.94.2 in tree.

Arches, please test and mark stable:
=app-antivirus/clamav-0.94.2
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Comment 2 Markus Meier gentoo-dev 2008-12-04 22:37:16 UTC
amd64/x86 stable
Comment 3 Raúl Porcel (RETIRED) gentoo-dev 2008-12-05 10:01:35 UTC
alpha/ia64/sparc stable
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2008-12-06 18:20:05 UTC
Stable for HPPA.
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2008-12-06 18:53:20 UTC
ppc stable
Comment 6 Brent Baude (RETIRED) gentoo-dev 2008-12-08 19:37:48 UTC
ppc6 done
Comment 7 Tobias Heinlein (RETIRED) gentoo-dev 2008-12-09 22:41:26 UTC
GLSA request filed.
Comment 8 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-12-23 22:18:26 UTC
GLSA 200812-21