Ubuntu
clamav package

Remote Code Execution

Bug #177537 reported by Leonel Nunez
266
Affects Status Importance Assigned to Milestone
Feisty Backports
Fix Released
Undecided
Brandon Holtsclaw
clamav (Ubuntu)
Fix Released
Undecided
Scott Kitterman
Dapper
Won't Fix
Undecided
Unassigned
Edgy
Won't Fix
Undecided
Unassigned
Feisty
Fix Released
Undecided
Leonel Nunez
Gutsy
Fix Released
Undecided
Leonel Nunez
Hardy
Fix Released
Undecided
Scott Kitterman

Bug Description

Remote code Excecution
Integer overflow in decompression code for MEW
and off-by-one in MS-ZIP
References CVE-2007-6335 and CVE-2007-6336

CVE References

Revision history for this message
Leonel Nunez (leonelnunez) wrote :

Debdiff For Gutsy

Revision history for this message
Leonel Nunez (leonelnunez) wrote :

package builds and installs

Changed in clamav:
assignee: nobody → leonelnunez
status: New → In Progress
Revision history for this message
Scott Kitterman (kitterman) wrote :

Fix in binary NEW (clamav 0.92)

Changed in clamav:
assignee: nobody → nunez
status: New → In Progress
assignee: nunez → leonelnunez
assignee: leonelnunez → kitterman
status: In Progress → Fix Committed
status: New → Won't Fix
status: New → Won't Fix
status: In Progress → Fix Committed
assignee: nobody → leonelnunez
status: New → In Progress
Changed in feisty-backports:
assignee: nobody → kitterman
status: New → In Progress
Revision history for this message
Kees Cook (kees) wrote :

Gutsy uploaded to security queue (after adjusting pocket and version). Thanks for the fix! It should be published shortly...

Revision history for this message
Leonel Nunez (leonelnunez) wrote :

Feisty debdiff
Package build , install and works fine

Kees Cook (kees)
Changed in clamav:
status: Fix Committed → Fix Released
status: In Progress → Fix Committed
Scott Kitterman (kitterman)
Changed in feisty-backports:
assignee: kitterman → imbrandon
status: In Progress → New
Scott Kitterman (kitterman)
Changed in clamav:
status: Fix Committed → Fix Released
Scott Kitterman (kitterman)
Changed in clamav:
status: Fix Committed → Fix Released
Brandon Holtsclaw (imbrandon)
Changed in feisty-backports:
status: New → Confirmed
status: Confirmed → Fix Released
Scott Kitterman (kitterman)
Changed in feisty-backports:
status: Fix Released → In Progress
Revision history for this message
Martin Pitt (pitti) wrote :

 * Trying to backport clamav...
  - <clamav_0.92~dfsg.orig.tar.gz: downloading from librarian>
  - <clamav_0.92~dfsg-2.diff.gz: downloading from librarian>
  - <clamav_0.92~dfsg-2.dsc: downloading from librarian>
I: Extracting clamav_0.92~dfsg-2.dsc ... done.
I: Building backport of clamav-0.92~dfsg as 0.92~dfsg-2~feisty1 ... done.

Changed in feisty-backports:
status: In Progress → Fix Released
Revision history for this message
Martin Pitt (pitti) wrote :

Bad hardy->feisty backport (library transition); I rejected the packages from binary NEW and removed the source package from feisty-backports. Once this is published (i. e. the package actually got removed), I'll backport the gutsy-security version.

Changed in feisty-backports:
status: Fix Released → Confirmed
Revision history for this message
Martin Pitt (pitti) wrote :

 * Trying to backport clamav...
  - <clamav_0.91.2.orig.tar.gz: downloading from librarian>
  - <clamav_0.91.2-3ubuntu2.1.diff.gz: downloading from librarian>
  - <clamav_0.91.2-3ubuntu2.1.dsc: downloading from librarian>
I: Extracting clamav_0.91.2-3ubuntu2.1.dsc ... done.
I: Building backport of clamav-0.91.2 as 0.91.2-3ubuntu2.1~feisty1 ... done.

Changed in feisty-backports:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.