|Summary:||app-antivirus/clamav: RFC2397 Bypass Weakness|
|Product:||Gentoo Security||Reporter:||Luke Macken (RETIRED) <lewk>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Whiteboard:||B3 [glsa] jaervosz|
|Package list:||Runtime testing required:||---|
Description Luke Macken (RETIRED) 2005-01-19 05:14:23 UTC
TITLE: Clam AntiVirus RFC2397 Bypass Weakness SECUNIA ADVISORY ID: SA13900 VERIFY ADVISORY: http://secunia.com/advisories/13900/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: >From remote SOFTWARE: Clam AntiVirus (clamav) 0.x http://secunia.com/product/2538/ DESCRIPTION: The vendor has acknowledged a weakness in Clam AntiVirus, which allows malware to bypass detection. For more information: SA13792 This has been reported to affect Clam AntiVirus. Other versions may also be affected. SOLUTION: This has been fixed in CVS. Do not rely solely on gateway / perimeter security. Apply patches to fix vulnerabilities in client software and apply other defence in depth measures. PROVIDED AND/OR DISCOVERED BY: Reported by vendor. OTHER REFERENCES: SA13792: http://secunia.com/advisories/13792/
Comment 1 Sune Kloppenborg Jeppesen 2005-01-19 10:43:43 UTC
net-mail, antivirus please advise.
Comment 2 Thierry Carrez (RETIRED) 2005-01-23 04:37:24 UTC
A new clamav version should be released with the fix, so better wait.
Comment 3 Sune Kloppenborg Jeppesen 2005-01-27 00:05:10 UTC
Comment 4 Andrej Kacian (RETIRED) 2005-01-27 00:40:20 UTC
Ebuild for 0.81 in CVS.
Comment 5 Sune Kloppenborg Jeppesen 2005-01-27 01:03:54 UTC
Arches please test and mark stable.
Comment 6 Andrej Kacian (RETIRED) 2005-01-27 02:21:46 UTC
Stable on x86. Added dependency on fixed zlib version (bug #61749), as suggested by jaervosz.
Comment 7 Gustavo Zacarias (RETIRED) 2005-01-27 05:15:07 UTC
Ticho: you lack a DEPEND for USE="milter", so if sendmail isn't around it won't compile because libmilter is missing (dunno if there's another provider for it). Anyway, sparc stable, since it's just a minor compile fix.
Comment 8 Andrej Kacian (RETIRED) 2005-01-27 08:35:05 UTC
Yes, I noticed it earlier today when I tried to compile with +milter. I decided to leave it be for now, because I couldn't think of a way to check for sendmail installed with milter flag. This will probably be best solved by issuing an einfo/ewarn message in pkg_setup().
Comment 9 Jan Brinkmann (RETIRED) 2005-01-28 13:11:40 UTC
stable on amd64
Comment 10 Michael Hanselmann (hansmi) (RETIRED) 2005-01-28 13:22:32 UTC
Stable on ppc.
Comment 11 Bryan Østergaard (RETIRED) 2005-01-30 12:01:51 UTC
Stable on alpha.
Comment 12 Thierry Carrez (RETIRED) 2005-01-31 01:07:20 UTC
ia64 should test and mark stable too.
Comment 13 Sune Kloppenborg Jeppesen 2005-01-31 11:55:24 UTC
GLSA 200501-46 hppa and ia64 please remember to mark stable to benifit from the GLSA.
Comment 14 René Nussbaumer (RETIRED) 2005-06-26 05:44:47 UTC
ebuild no longer in portage.