Summary: | <app-antivirus/clamav-0.96.5: Denial of Service and Memory Corruption Vulnerabilities (CVE-2010-{4260,4261,4479}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | antivirus, giampaolo, hanno, joe, kilburna, net-mail+disabled |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=master | ||
Whiteboard: | B1 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Tim Sammut (RETIRED)
2010-12-03 08:07:58 UTC
*** Bug 347666 has been marked as a duplicate of this bug. *** CVEs from http://permalink.gmane.org/gmane.comp.security.oss.general/3883. <-- > > Seems like two security issues: > > "1) Multiple errors within the processing of PDF files can be > exploited to e.g. cause a crash. Please use CVE-2010-4260 > > 2) An off-by-one error within the "icon_cb()" function can be > exploited to cause a memory corruption." > Please use CVE-2010-4261 *** Bug 347700 has been marked as a duplicate of this bug. *** *** Bug 347735 has been marked as a duplicate of this bug. *** Bumped after talking back with radhermit on irc. Arches, please test and mark stable: =app-antivirus/clamav-0.96.5 Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86" x86 stable Tested on SPARC, works just fine. Stabilisation asap would be ideal. I'm not an arch member, anyway the unstable package version seems to compile and work fine on my amd64 server. Stable for HPPA. amd64 done ppc done alpha/ia64/sparc stable ppc64 stable. @security: last arch done Thanks, everyone. GLSA Vote: Yes, CVE-2010-4261 scores a 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) according to the NVD. Yes, together with #338226. CVE-2010-4261 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4261): Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information. CVE-2010-4260 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4260): Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396." CVE-2010-4479 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4479): Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260. Rerating B1 since clamav often runs in automated systems where it simply scans all email processed, i.e. no user action is required to be exploited. This issue was resolved and addressed in GLSA 201110-20 at http://security.gentoo.org/glsa/glsa-201110-20.xml by GLSA coordinator Tim Sammut (underling). |