131791 – app-antivirus/clamav: buffer overflow in freshclam (CVE-2006-1989)

Bug 131791 - app-antivirus/clamav: buffer overflow in freshclam (CVE-2006-1989)

Summary: app-antivirus/clamav: buffer overflow in freshclam (CVE-2006-1989)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://www.clamav.net/security/0.88.2...
Whiteboard:	B2? [glsa] DerCorny
Keywords:

Duplicates (1):	131919 (view as bug list)
Depends on:
Blocks:

Reported:	2006-04-30 05:25 UTC by Hanno Böck
Modified:	2006-10-15 04:29 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hanno Böck gentoo-dev

2006-04-30 05:25:20 UTC

From release notes:
"This release improves virus detection, fixes zip handling on 64-bit architectures and possible security problem in freshclam."
[...]
" - freshclam/manager.c: fix possible buffer overflow Reported by Ulf Harnhammar <metaur*telia.com> and Peter <remllov_*gmx.de> See http://www.clamav.net/security/0.88.2.html for details."

Comment 1 Stefan Cornelius (RETIRED) gentoo-dev

2006-04-30 05:49:54 UTC

antivirus/net-mail pls provide fixed ebuilds, thank you

Comment 2 Andrej Kacian (RETIRED) gentoo-dev

2006-05-01 03:15:45 UTC

The ebuild is already in the tree since 2006-04-30 04:46 PST, see bug #129702. :)

Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-05-01 07:20:58 UTC

Arches please test and mark clamav-0.88.2 stable.

Comment 4 Jakub Moc (RETIRED) gentoo-dev

2006-05-01 08:41:25 UTC

*** Bug 131919 has been marked as a duplicate of this bug. ***

Comment 5 Fernando J. Pereda (RETIRED) gentoo-dev

2006-05-01 08:44:04 UTC

Is it a plane? a bird? NO! It is a shiny Alpha keyword!

Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev

2006-05-01 09:34:36 UTC

ppc stable

Comment 7 Mark Loeser (RETIRED) gentoo-dev

2006-05-01 09:47:30 UTC

x86 stable

Comment 8 René Nussbaumer (RETIRED) gentoo-dev

2006-05-01 10:38:44 UTC

stable on hppa

Comment 9 Jon Hood (RETIRED) gentoo-dev

2006-05-01 12:17:02 UTC

stable on amd64

Comment 10 Markus Rothe (RETIRED) gentoo-dev

2006-05-01 14:16:55 UTC

stable on ppc64

Comment 11 Jason Wever (RETIRED) gentoo-dev

2006-05-01 15:47:14 UTC

SPARC, it's what's for dinner

Comment 12 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-05-01 21:03:56 UTC

GLSA drafted, Security please review.

Comment 13 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-05-02 11:31:44 UTC

GLSA 200605-03

Don't forget to mark stable to benifit from the GLSA.

Comment 14 solar (RETIRED) gentoo-dev

2006-05-31 03:14:06 UTC

ia64 poke poke. (stable request)