possible integer overflow

Bug #191150 reported by Leonel Nunez
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| clamav (Ubuntu) | Fix Released | High | Unassigned | |
| Dapper | Fix Released | Undecided | Unassigned | |
| Edgy | Invalid | Undecided | Unassigned | |
| Feisty | Fix Released | Undecided | Unassigned | |
| Gutsy | Fix Released | Undecided | Unassigned | |

Bug Description

Possible Integer overflow in libclamav/pe.c

CVE-2008-0316

Changed in clamav:
assignee: nobody → leonelnunez
status: New → In Progress
assignee: leonelnunez → kitterman
Changed in clamav:
importance: Undecided → High
status: In Progress → Fix Released
assignee: leonelnunez → kitterman
Leonel Nunez (leonelnunez) wrote :

Patch for Gutsy

pbuilder builds fine
package installs and works fine

Scott Kitterman (kitterman) wrote :

Debdiff for Feisty. Build, installs, runs. Tested virus scanning with klamav. Patch directly ported from Debian fix for Etch.

Changed in clamav:
assignee: kitterman → nobody
status: In Progress → Fix Committed
assignee: leonelnunez → nobody
status: In Progress → Fix Committed
status: Fix Committed → In Progress
assignee: leonelnunez → nobody
status: In Progress → Fix Committed
Scott Kitterman (kitterman) wrote :

Doesn't apply to 0.88 versions in Edgy

Changed in clamav:
status: New → Invalid
assignee: nobody → leonelnunez
Scott Kitterman (kitterman) wrote :

Draft debdiff for Dapper (still testing).

Scott Kitterman (kitterman) wrote :

Build, installs, runs. Tested virus scanning with klamav.

Changed in clamav:
assignee: leonelnunez → nobody
status: In Progress → Fix Committed
assignee: kitterman → nobody
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.90.2-0ubuntu1.6

---------------
clamav (0.90.2-0ubuntu1.6) feisty-security; urgency=low

  * Security UPDATE: (LP: #191150)
    libclamav/pe.c: possible integer overflow
    libclamav/others.c: tempfile symlink vulnerability
    Thanks to Stephen Gran <email address hidden> for the patches
  * References
    CVE-2008-0318
    CVE-2007-6595

 -- Scott Kitterman <email address hidden> Mon, 11 Feb 2008 23:03:18 -0500

Changed in clamav:
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.