clamav is vulnerable :(
Damian Put has discovered a vulnerability in Clam AntiVirus, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
The vulnerability is caused due to an boundary error in the "pefromupx()" function in libclamav/upx.c when unpacking PE executable files compressed with UPX. This can be exploited to cause a heap-based buffer overflow via a specially crafted UPX compressed file.
Successful exploitation crashes the service and may allow execution of arbitrary code.
The vulnerability has been confirmed in versions 0.88.2 and 0.88.3. Other versions may also be affected.
Disable the "ScanPE" option for clamd and start clamscan with the "--no-pe" option. Please note that this completely disables the scanning of PE files. Then block or filter PE files in some other way.
Provided and/or discovered by:
note that ScanPE is enabled by default
let's wait for a patch or update...
0.88.4 is out, I'll commit the ebuild in few minutes
Ebuild for 0.88.4 is in the tree now - by the power bestowed unto me by jaervosz, I'm CCing arch teams, please do your magic.
x86 has been stabilized by me already, after testing on two stable boxes.
SPARC virus detected, all your arch are belong to us!
Looks fine on Alpha.
debian isn't updated yet, we may have a chance ! :)
stable on hppa
Ready for GLSA ! :)
thanks for the quick work on this one