Bug 45615 - clamav: Multiple issues (4.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.1
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.1-5-errata
Assigned To: Philipp Hahn
QA Contact: Stefan Gohmann
Reported: 2017-10-30 16:13 CET by Arvid Requate
Modified: 2018-01-31 14:34 CET
What kind of report is it?: Security Issue
Bug group (optional): Security
Max CVSS v3 score: 5.5 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
requate: Patch_Available+
Description Arvid Requate univentionstaff 2017-10-30 16:13:23 CET
Upstream Debian package version 0.99.2+dfsg-0+deb7u3 fixes:

* libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. (CVE-2017-6418)

* The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. (CVE-2017-6420)
Comment 1 Philipp Hahn univentionstaff 2018-01-28 10:08:17 CET
0.99.2+dfsg-0+deb7u4 fixes:

CVE-2017-12374

    ClamAV has a use-after-free condition arising from a lack of input
    validation. A remote attacker could exploit this vulnerability with
    a crafted email message to cause a denial of service.

CVE-2017-12375

    ClamAV has a buffer overflow vulnerability arising from a lack of
    input validation. An unauthenticated remote attacker could send a
    crafted email message to the affected device, triggering a buffer
    overflow and potentially a denial of service when the malicious
    message is scanned.

CVE-2017-12376

    ClamAV has a buffer overflow vulnerability arising from improper
    input validation when handling Portable Document Format (PDF) files.
    An unauthenticated remote attacker could send a crafted PDF file to
    the affected device, triggering a buffer overflow and potentially a
    denial of service or arbitrary code execution when the malicious
    file is scanned.

CVE-2017-12377

    ClamAV has a heap overflow vulnerability arising from improper input
    validation when handling mew packets. An attacker could exploit this
    by sending a crafted message to the affected device, triggering a
    denial of service or possible arbitrary code execution when the
    malicious file is scanned.

CVE-2017-12378

    ClamAV has a buffer overread vulnerability arising from improper
    input validation when handling tape archive (TAR) files. An
    unauthenticated remote attacker could send a crafted TAR file to
    the affected device, triggering a buffer overread and potentially a
    denial of service when the malicious file is scanned.

CVE-2017-12379

    ClamAV has a buffer overflow vulnerability arising from improper
    input validation in the message parsing function. An unauthenticated
    remote attacker could send a crafted email message to the affected
    device, triggering a buffer overflow and potentially a denial of
    service or arbitrary code execution when the malicious message is
    scanned.

CVE-2017-12380

    ClamAV has a NULL dereference vulnerability arising from improper
    input validation in the message parsing function. An unauthenticated
    remote attacker could send a crafted email message to the affected
    device, triggering a NULL pointer dereference, which may result in a
    denial of service.

repo_admin.py -U -p clamav -d wheezy -r 4.1 -s errata4.1-5
b41-scope errata4.1-5 clamav

Package: clamav
Version: 0.99.2+dfsg-0.160.201801280950
Branch: ucs_4.1-0
Scope: errata4.1-5

f4e65bf958 Bug #45615: clamav
Comment 2 Stefan Gohmann univentionstaff 2018-01-29 12:38:27 CET
YAML: OK

Build: OK: 
-------------------------------------------
$ zless /usr/share/doc/clamav/changelog.Debian.gz 
clamav (0.99.2+dfsg-0.160.201801280950) ucs4-1-0-0; urgency=low

  * UCS auto build. The following patches have been applied to the original source package
    010-utilize_ucr_autostart_settings
    020-dont_fail_in_postinst_if_start_fails
    030-silence-version-msg

 -- Univention builddaemon <buildd@univention.de>  Sun, 28 Jan 2018 09:50:32 +0100

clamav (0.99.2+dfsg-0+deb7u4) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS Team
    - changes based entirely on jessie patch by Sebastian Andrzej Siewior
  * Apply security patches from 0.99.3 (Closes: #888484):
    - fixes for the following CVE's: CVE-2017-6418, CVE-2017-6420,
      CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377,
      CVE-2017-12378, CVE-2017-12379, CVE-2017-12380.
  * Bump symbol version of cl_retflevel because CL_FLEVEL changed.
  * Cherry-pick patch from bb11549 to fix a temp file cleanup issue
    (Closes: #824196).
-------------------------------------------

Tests: OK. Mail tests were successful.
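
The changelog check from the comment above can be scripted so that a missing fix is reported instead of read off by eye. This is an added example, not part of the bug comments or of Univention's tooling; the function names and the embedded sample (abridged from the changelog excerpt above) are constructed for illustration.

```shell
#!/bin/sh
# CVE IDs this bug lists as fixed (description and comment 1).
REQUIRED_CVES="CVE-2017-6418 CVE-2017-6420 CVE-2017-12374 CVE-2017-12375
CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380"

# Constructed sample: abridged from the changelog excerpt in comment 2.
sample_changelog() {
cat <<'EOF'
clamav (0.99.2+dfsg-0.160.201801280950) ucs4-1-0-0; urgency=low

  * UCS auto build. The following patches have been applied to the original source package

 -- Univention builddaemon <buildd@univention.de>  Sun, 28 Jan 2018 09:50:32 +0100

clamav (0.99.2+dfsg-0+deb7u4) wheezy-security; urgency=high

  * Apply security patches from 0.99.3 (Closes: #888484):
    - fixes for the following CVE's: CVE-2017-6418, CVE-2017-6420,
      CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377,
      CVE-2017-12378, CVE-2017-12379, CVE-2017-12380.
EOF
}

# Print the version of the topmost changelog entry read from stdin.
changelog_top_version() {
    awk '/^[^ ]+ \(/ { gsub(/[()]/, "", $2); print $2; exit }'
}

# Print every required CVE ID that the changelog on stdin does not mention.
# IDs are extracted whole and compared exactly, so CVE-2017-1237 cannot
# satisfy CVE-2017-12374.
missing_cves() {
    found=$(grep -oE 'CVE-[0-9]{4}-[0-9]+' | sort -u)
    for cve in $REQUIRED_CVES; do
        printf '%s\n' "$found" | grep -qxF "$cve" || printf '%s\n' "$cve"
    done
}

# On a UCS host, feed the real file instead of the sample:
#   zcat /usr/share/doc/clamav/changelog.Debian.gz | missing_cves
missing=$(sample_changelog | missing_cves)
echo "top entry: $(sample_changelog | changelog_top_version)"
echo "missing CVE fixes: ${missing:-none}"
```
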
Comment 3 Arvid Requate univentionstaff 2018-01-31 14:34:49 CET
<http://errata.software-univention.de/ucs/4.1/495.html>