Summary: | <app-antivirus/clamav-0.99.3-r2: libclamunrar: Vulnerable to VMSF_DELTA Filter Signedness Error (CVE-2012-6706) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | antivirus, candrews, net-mail+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.clamav.net/show_bug.cgi?id=11859 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=623538 | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: | app-antivirus/clamav-0.99.3-r2 | ||
Runtime testing required: | --- |
Bug Depends on: | 649314 | ||
Bug Blocks: | 622380 |
Description
Thomas Deutschmann (RETIRED)
2017-07-02 14:38:13 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69c038dd6c5f79aa46eb92543bed649d50857b66

commit 69c038dd6c5f79aa46eb92543bed649d50857b66
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-02-23 19:00:09 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-02-23 19:00:23 +0000

    app-antivirus/clamav: Rev bump to add patch for CVE-2012-6706

    ...aka VMSF_DELTA Filter Signedness Error.

    Bug: https://bugs.gentoo.org/623534
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 app-antivirus/clamav/clamav-0.99.3-r2.ebuild | 160 ++++++++++++++++++
 ...lamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch | 186 +++++++++++++++++++++
 2 files changed, 346 insertions(+)

I intend to add 0.99.4 later (Release announcement: http://blog.clamav.net/2018/03/clamav-0994-has-been-released.html

x86 stable

I marked =app-antivirus/clamav-0.99.3-r2 stable on x86 because this is the latest version which works on x86. So instead of waiting for a fixed 0.99.4 via bug 649314 which contains more security fixes it is better to get available working fixes ASAP than being vulnerable to everything.

This issue was resolved and addressed in GLSA 201804-16 at https://security.gentoo.org/glsa/201804-16 by GLSA coordinator Aaron Bauman (b-man).