Univention Bugzilla – Bug 46180
clamav: Multiple issues (4.2)
Last modified: 2018-01-29 17:14:08 CET
+++ This bug was initially created as a clone of Bug #45615 +++ ucs_4.2-0 has clamav (0.99.2+dfsg-0+deb8u2) <http://xen1.knut.univention.de:8000/packages/source/clamav/?since=4.1-0> Waiting for <https://bugs.debian.org/888484> and <https://bugs.debian.org/888553> CVE-2017-12374 ClamAV has a use-after-free condition arising from a lack of input validation. A remote attacker could exploit this vulnerability with a crafted email message to cause a denial of service. CVE-2017-12375 ClamAV has a buffer overflow vulnerability arising from a lack of input validation. An unauthenticated remote attacker could send a crafted email message to the affected device, triggering a buffer overflow and potentially a denial of service when the malicious message is scanned. CVE-2017-12376 ClamAV has a buffer overflow vulnerability arising from improper input validation when handling Portable Document Format (PDF) files. An unauthenticated remote attacker could send a crafted PDF file to the affected device, triggering a buffer overflow and potentially a denial of service or arbitrary code execution when the malicious file is scanned. CVE-2017-12377 ClamAV has a heap overflow vulnerability arising from improper input validation when handling mew packets. An attacker could exploit this by sending a crafted message to the affected device, triggering a denial of service or possible arbitrary code execution when the malicious file is scanned. CVE-2017-12378 ClamAV has a buffer overread vulnerability arising from improper input validation when handling tape archive (TAR) files. An unauthenticated remote attacker could send a crafted TAR file to the affected device, triggering a buffer overread and potentially a denial of service when the malicious file is scanned. CVE-2017-12379 ClamAV has a buffer overflow vulnerability arising from improper input validation in the message parsing function. An unauthenticated remote attacker could send a crafted email message to the affected device, triggering a buffer overflow and potentially a denial of service or arbitrary code execution when the malicious message is scanned. CVE-2017-12380 ClamAV has a NULL dereference vulnerability arising from improper input validation in the message parsing function. An unauthenticated remote attacker could send a crafted email message to the affected device, triggering a NULL pointer dereference, which may result in a denial of service. FYI: The previous UCS build was missing all patches: > clamav (0.99.2+dfsg-0.A~4.2.0.201703071307) ucs4-2-0-0; urgency=low > * UCS auto build. No patches were applied to the original source package > clamav (0.99.2+dfsg-0+deb8u2) stable; urgency=medium
r17999 | Bug #46180: clamav Sort as given > 0.99.2+dfsg-0.A~4.2.0.201703071307 (4.2-0) > 0.99.2+dfsg-0.A~4.2.3.201801281200 (4.2-3 errata) <=== > 0.99.2+dfsg-6+b1A~4.3.0.201712111442 (4.3-0) build-package-ng -p clamav -r 4.2 -s errata4.2-3 -v '0.99.2+dfsg-0.A~4.2.3.201801281200' Package: clamav Version: 0.99.2+dfsg-0.A~4.2.3.201801281200 Branch: ucs_4.2-0 Scope: errata4.2-3 6094cee27d Bug #46180: clamav FYI: This can be ignored: dpkg-gensymbols: warning: debian/libclamav7/DEBIAN/symbols doesn't match completely debian/libclamav7.symbols --- debian/libclamav7.symbols (libclamav7_0.99.2+dfsg-0.A~4.2.3.201801281200_i386) +++ dpkg-gensymbolsDksVMK 2018-01-28 11:07:23.810856101 +0000 @@ -63,7 +63,7 @@ cl_load_cert@CLAMAV_PRIVATE 0.99.2 cl_load_crl@CLAMAV_PRIVATE 0.99.2 cl_retdbdir@CLAMAV_PUBLIC 0.99~rc1 - cl_retflevel@CLAMAV_PUBLIC 0.99.2+dfsg-6+deb8u2 + cl_retflevel@CLAMAV_PUBLIC 0.99.2+dfsg-0.A~4.2.3.201801281200 cl_retver@CLAMAV_PUBLIC 0.99~rc1 cl_scandesc@CLAMAV_PUBLIC 0.99~rc1 cl_scandesc_callback@CLAMAV_PUBLIC 0.99~rc1
YAML: OK Build: OK (Patches have been applied) ------------------------------------------- $ zless /usr/share/doc/clamav/changelog.Debian.gz clamav (0.99.2+dfsg-0.A~4.2.3.201801281200) ucs4-2-0-0; urgency=low * UCS auto build. The following patches have been applied to the original source package 010-utilize_ucr_autostart_settings 020-dont_fail_in_postinst_if_start_fails 025-CVE-2017-xxx 030-silence-version-msg -- Univention builddaemon <buildd@univention.de> Sun, 28 Jan 2018 12:04:08 +0100 clamav (0.99.2+dfsg-0+deb8u3) jessie; urgency=medium * Apply security patches from 0.99.3 (Closes: #888484): - fixes for the following CVE's: CVE-2017-6418, CVE-2017-6420, CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, CVE-2017-12378, CVE-2017-12379, CVE-2017-12380. * Bump symbol version of cl_retflevel because CL_FLEVEL changed. * Cherry-pick patch from bb11549 to fix a temp file cleanup issue (Closes: #824196). ------------------------------------------- Tests: OK. Mail tests were successful.
<http://errata.software-univention.de/ucs/4.2/266.html>