Bug 209915 (CVE-2008-0318) - app-antivirus/clamav < 0.92.1 multiple vulnerabilities (CVE-2008-0318,CVE-2008-0728)
Alias: CVE-2008-0318
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Reported: 2008-02-12 20:41 UTC by Pierre-Yves Rofes (RETIRED)
Modified: 2008-02-24 19:43 UTC
Description Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-12 20:41:50 UTC
Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

1) An integer overflow error exists within the "cli_scanpe()" function in libclamav/pe.c. No further information is currently available.

2) An error within the "unmew11()" function in libclamav/mew.c can be exploited to corrupt heap memory.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 0.92.1.

Update to version 0.92.1.
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-12 20:43:27 UTC
net-mail/antivirus, ok for fast-tracking stabilization of 0.92.1?
Comment 2 Lars Hartmann 2008-02-14 16:56:51 UTC
Could someone please add "CVE-2008-0728" to the summary? (I don't have the needed permissions)
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-14 19:03:10 UTC
Maintainers please advise.
Comment 4 Andrej Kacian (RETIRED) gentoo-dev 2008-02-16 17:45:49 UTC
I'm OK for 0.92.1 stabilization.
Comment 5 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-16 20:23:10 UTC
Arches please test and mark stable app-antivirus/clamav-0.92.1, target "alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
Comment 6 Markus Meier gentoo-dev 2008-02-16 20:42:45 UTC
x86 stable
Comment 7 Christoph Mende (RETIRED) gentoo-dev 2008-02-17 13:22:20 UTC
amd64 stable
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2008-02-18 14:57:18 UTC
alpha/ia64/sparc stable
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2008-02-18 15:45:51 UTC
Stable for HPPA.
Comment 10 Brent Baude (RETIRED) gentoo-dev 2008-02-18 17:27:29 UTC
ppc64 done
Comment 11 Tobias Scherbaum (RETIRED) gentoo-dev 2008-02-19 18:04:25 UTC
ppc stable
Comment 12 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-19 20:13:59 UTC
hmm, don't know why I rated this B3 at first... glsa request filed.
Comment 13 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-21 22:53:49 UTC
GLSA 200802-09
Comment 14 Peter Volkov (RETIRED) gentoo-dev 2008-02-24 19:43:21 UTC
Fixed in release snapshot.