Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 378815 - <app-antivirus/clamav-0.97.2: DoS (CVE-2011-2721)
Summary: <app-antivirus/clamav-0.97.2: DoS (CVE-2011-2721)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-08-11 18:00 UTC by GLSAMaker/CVETool Bot
Modified: 2011-10-23 14:59 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2011-08-11 18:00:29 UTC
CVE-2011-2721 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2721):
  Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav
  in ClamAV before 0.97.2 allows remote attackers to cause a denial of service
  (daemon crash) via an e-mail message that is not properly handled during
  certain hash calculations.


Maintainers, can we stabilize 0.97.2?
Comment 1 Agostino Sarubbo gentoo-dev 2011-08-17 10:58:24 UTC
@net-mail

ping
Comment 2 Tony Vroon gentoo-dev 2011-08-17 11:22:46 UTC
Arches, please test & mark stable version 0.97.2; you can use the EICAR test pattern if you want to make sure that the detection engine is functional. Further details here:
http://en.wikipedia.org/wiki/EICAR_test_file
Comment 3 Agostino Sarubbo gentoo-dev 2011-08-17 13:54:48 UTC
amd64 ok

EICAR test passed.


Anyway, @maintainers, check the init script, that not says anything when I start the service:

amd64box ~ # /etc/init.d/clamd start
amd64box ~ #
Comment 4 Tony Vroon gentoo-dev 2011-08-17 13:58:34 UTC
+  17 Aug 2011; Tony Vroon <chainsaw@gentoo.org> clamav-0.97.2.ebuild:
+  Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo in
+  security bug #378815.
Comment 5 Myckel Habets 2011-08-18 05:58:12 UTC
Builds and runs fine on x86. Please mark stable for x86.
Comment 6 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-08-18 17:17:01 UTC
ppc/ppc64 stable
Comment 7 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-08-19 17:16:21 UTC
x86 stable, thanks Myckel
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2011-08-21 13:57:16 UTC
Stable for HPPA.
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2011-08-27 17:41:56 UTC
alpha/ia64/sparc stable
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2011-08-28 02:09:11 UTC
Thanks, everyone. Added to existing GLSA request.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2011-10-23 14:59:31 UTC
This issue was resolved and addressed in
 GLSA 201110-20 at http://security.gentoo.org/glsa/glsa-201110-20.xml
by GLSA coordinator Tim Sammut (underling).