Summary: | <app-antivirus/clamav-0.98.5: multiple vulnerabilities (CVE-2014-9050) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | antivirus, jaco, kevin, net-mail+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://blog.clamav.net/2014/11/clamav-0985-has-been-released.html | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Hanno Böck
2014-11-18 23:05:45 UTC
This sounds more severe: http://www.openwall.com/lists/oss-security/2014/11/21/12 Please update as soon as possible. Thanks for reminding me Hanno. I am guilty of seeing the release mail for 0.98.5 but not reading it (therefore I hadn't noticed the security fix) Looking at it now (just deciding what to do about the new feature which requires libjson-c) Committed. I assume you want it stabilized asap but leaving the rest to Security Team. Maintainer(s): Please let us know when the ebuild is ready for stabilization, or call for stabilization. Notes on compromise: A heap buffer overflow was reported in [1] in ClamAV when scanning a specially crafted y0da Crypter obfuscated PE file. Note that this is remotely exploitable when ClamAV is used as a mail gateway scanner. Works for me on 2 machines so afaik ok -> STABLEREQ + CC Arch teams no extensive tests yet but compiles and runs for me -- amd64 amd64 stable x86 stable Stable for HPPA. ppc64 stable sparc stable alpha stable ppc stable ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. CVE-2014-9050 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9050): Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.95.4 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. Arches, Thank you for your work Maintainer(s), please drop the vulnerable version(s). New GLSA Request filed. + 09 Dec 2014; Sergey Popov <pinkbyte@gentoo.org> package.mask: + Mask vulnerable versions of app-antivirus/clamav This issue was resolved and addressed in GLSA 201412-05 at http://security.gentoo.org/glsa/glsa-201412-05.xml by GLSA coordinator Mikle Kolyada (Zlogene). removed old versions after waiting a bit in case there were some issues/complaints. |