Ubuntu
clamav package

Update for clamav security fixes from 0.96 release

Bug #553266 reported by Scott Kitterman
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
clamav (Ubuntu)
Fix Released
Low
Scott Kitterman
Ubuntu ubuntu-10.04-beta-2
Dapper
Fix Released
Low
Unassigned
Hardy
Fix Released
Low
Unassigned
Intrepid
Fix Released
Low
Jamie Strandboge
Jaunty
Fix Released
Low
Jamie Strandboge
Karmic
Fix Released
Low
Unassigned
Lucid
Fix Released
Low
Scott Kitterman
Ubuntu ubuntu-10.04-beta-2

Bug Description

Binary package hint: clamav

http://git.clamav.net/gitweb?p=clamav-devel.git;a=log

* libclamav/mspack.c: improve unpacking of malformed cabinets (bb#1826) (158c35e81a25ea5fda55a2a7f62ea9fec2e883d9) and * libclamav/mspack.c: fix Quantum decompressor (bb#1771) (224fee54dd6cd8933d7007331ec2bfca0398d4b4) are security fixes in 0.96.

Update: CL_FLEVEL_DCONF change isn't needed since no modules are currently disabled.

See original description
Scott Kitterman (kitterman)
Changed in clamav (Ubuntu Dapper):
status: New → Confirmed
Changed in clamav (Ubuntu Hardy):
status: New → Confirmed
Changed in clamav (Ubuntu Jaunty):
status: New → Confirmed
Changed in clamav (Ubuntu Lucid):
status: New → Confirmed
Changed in clamav (Ubuntu Karmic):
status: New → Confirmed
Changed in clamav (Ubuntu Lucid):
milestone: none → ubuntu-10.04
Scott Kitterman (kitterman)
security vulnerability: no → yes
Jamie Strandboge (jdstrand)
Changed in clamav (Ubuntu Lucid):
assignee: nobody → Scott Kitterman (kitterman)
Changed in clamav (Ubuntu Karmic):
assignee: nobody → Scott Kitterman (kitterman)
Changed in clamav (Ubuntu Intrepid):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in clamav (Ubuntu Jaunty):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in clamav (Ubuntu Intrepid):
status: New → Confirmed
Changed in clamav (Ubuntu Lucid):
importance: Undecided → Low
Changed in clamav (Ubuntu Karmic):
importance: Undecided → Low
Changed in clamav (Ubuntu Jaunty):
importance: Undecided → Low
Changed in clamav (Ubuntu Hardy):
importance: Undecided → Low
Changed in clamav (Ubuntu Karmic):
status: Confirmed → In Progress
Changed in clamav (Ubuntu Intrepid):
importance: Undecided → Low
Changed in clamav (Ubuntu Dapper):
importance: Undecided → Low
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Per IRC discussion:
08:26 < jdstrand> ScottK: libclamav/mspack.c: improve unpacking of malformed
                  cabinets (bb#1826) does not seem security relevant
08:26 < ScottK> jdstrand: OK. I'll skip that one.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

After further discussion, bb#1826 should probably be included:
08:30 < mdeslaur> well, it is security relevant in a clamav context
08:30 < mdeslaur> virus laden email hides in cabinet files
08:30 < mdeslaur> they make them slightly corrupted so AV scanners can't open them
08:30 < mdeslaur> this makes clamav open more corrupted cabinet files, so it can scan the files inside
08:31 < mdeslaur> so it's security relevant in a "lets less viruses go though" way
08:33 < jdstrand> will clamav reject it if it is malformed?
08:34 < mdeslaur> it depends on what the software that uses clamav does
08:34 < mdeslaur> It's usually configurable
08:36 < jdstrand> ScottK: based on mdeslaur's comments, let's include it for those people who accept attachments that can't be decompressed

Scott Kitterman (kitterman)
description: updated
Revision history for this message
Scott Kitterman (kitterman) wrote :
Download full text (10.6 KiB)

Test results for the modified package (karmic):

Skipping private tests
Test LP: #365823 (clamav-milter chowns directories to clamav) ... (skipped: bug 365823 affected 9.04) ok
Test files from clamav-testfiles ...
  clam-v2.rar... (skipped: RAR support only exists in 0.92 and earlier) ok
  clam.zip... ok
  clam.exe.bz2... ok
  clam.cab... ok
  clam.exe... ok
  clam-v3.rar... (skipped: RAR support only exists in 0.92 and earlier) ok
ok
Test clamd is listening ... ok
Passes clean files ... ok
Passes clean bzip2 ... ok
Passes clean gzip ... ok
Passes clean mbox ... ok
Passes clean RAR ... FAIL
Passes clean ZIP ... FAIL
Flags EICAR ... ok
Flags EICAR bzip2 ... ok
Flags EICAR gzip ... ok ...

Revision history for this message
Scott Kitterman (kitterman) wrote :

Actually it's only 3. I didn't have zip installed:

======================================================================
FAIL: Passes clean RAR
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-clamav.py", line 246, in test_clean_rar
    self._flag_container(['/usr/bin/rar', 'a'], 'rar', 0)
  File "./test-clamav.py", line 177, in _flag_container
    self.assertEquals(rc, 0, out)
AssertionError: [Errno 2] No such file or directory

======================================================================
FAIL: Flags EICAR RAR
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-clamav.py", line 239, in test_eicar_rar
    self._flag_container(['/usr/bin/rar', 'a'], 'rar', expected)
  File "./test-clamav.py", line 177, in _flag_container
    self.assertEquals(rc, 0, out)
AssertionError: [Errno 2] No such file or directory

======================================================================
FAIL: Test freshclam
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-clamav.py", line 419, in test_freshclam
    self.assertTrue(rc == expected, result + report)
AssertionError: Got exit code 127
[Errno 2] No such file or directory

----------------------------------------------------------------------
Ran 19 tests in 194.402s

FAILED (failures=3)

Revision history for this message
Scott Kitterman (kitterman) wrote :

The current packages in karmic-updates fail the same 3 tests, so I think this is a chroot issue:

======================================================================
FAIL: Passes clean RAR
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-clamav.py", line 246, in test_clean_rar
    self._flag_container(['/usr/bin/rar', 'a'], 'rar', 0)
  File "./test-clamav.py", line 177, in _flag_container
    self.assertEquals(rc, 0, out)
AssertionError: [Errno 2] No such file or directory

======================================================================
FAIL: Flags EICAR RAR
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-clamav.py", line 239, in test_eicar_rar
    self._flag_container(['/usr/bin/rar', 'a'], 'rar', expected)
  File "./test-clamav.py", line 177, in _flag_container
    self.assertEquals(rc, 0, out)
AssertionError: [Errno 2] No such file or directory

======================================================================
FAIL: Test freshclam
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-clamav.py", line 419, in test_freshclam
    self.assertTrue(rc == expected, result + report)
AssertionError: Got exit code 127
[Errno 2] No such file or directory

----------------------------------------------------------------------
Ran 19 tests in 173.528s

FAILED (failures=3)

Revision history for this message
Scott Kitterman (kitterman) wrote :

Except for versioning, Dapper and Jaunty should be the same.

Changed in clamav (Ubuntu Karmic):
assignee: Scott Kitterman (kitterman) → nobody
status: In Progress → Confirmed
Revision history for this message
Scott Kitterman (kitterman) wrote :

Tested that the diff applies to the current Hardy package, but not beyond that.

Revision history for this message
Scott Kitterman (kitterman) wrote :

Same for Dapper.

Changed in clamav (Ubuntu Lucid):
status: Confirmed → In Progress
milestone: ubuntu-10.04 → ubuntu-10.04-beta-2
Scott Kitterman (kitterman)
Changed in clamav (Ubuntu Lucid):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.96~rc2+dfsg-0ubuntu3

---------------
clamav (0.96~rc2+dfsg-0ubuntu3) lucid; urgency=high

  * SECURITY UPDATE: (LP: #553266)
  * References clamav bugs #1771 and #1826
  * libclamav/mspack.c: fix Quantum decompressor (bb#1771)
    - clamav git 224fee54dd6cd8933d7007331ec2bfca0398d4b4
  * libclamav/mspack.c: improve unpacking of malformed cabinets (bb#1826)
    - clamav git 31b77b3fb589ab07e7b4d84f8b3825178864ee51
 -- Scott Kitterman <email address hidden> Thu, 01 Apr 2010 11:09:57 -0400

Changed in clamav (Ubuntu Lucid):
status: Fix Committed → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771

The first has been assigned CVE-2010-0098

Jamie Strandboge (jdstrand)
Changed in clamav (Ubuntu Intrepid):
status: Confirmed → Fix Committed
Changed in clamav (Ubuntu Jaunty):
status: Confirmed → Fix Committed
Changed in clamav (Ubuntu Karmic):
status: Confirmed → Fix Committed
Jamie Strandboge (jdstrand)
Changed in clamav (Ubuntu Dapper):
status: Confirmed → Fix Committed
Changed in clamav (Ubuntu Hardy):
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.95.3+dfsg-1ubuntu0.09.10.1

---------------
clamav (0.95.3+dfsg-1ubuntu0.09.10.1) karmic-security; urgency=high

  * SECURITY UPDATE: (LP: #553266)
  * References clamav bugs #1771 and #1826
  * libclamav/mspack.c: fix Quantum decompressor (bb#1771)
    - clamav git 224fee54dd6cd8933d7007331ec2bfca0398d4b4
  * libclamav/mspack.c: improve unpacking of malformed cabinets (bb#1826)
    - clamav git 31b77b3fb589ab07e7b4d84f8b3825178864ee51
 -- Scott Kitterman <email address hidden> Thu, 01 Apr 2010 09:15:53 -0400

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.95.3+dfsg-1ubuntu0.09.04.1

---------------
clamav (0.95.3+dfsg-1ubuntu0.09.04.1) jaunty-security; urgency=low

  * SECURITY UPDATE: (LP: #553266)
  * References clamav bugs #1771 and #1826
  * libclamav/mspack.c: fix Quantum decompressor (bb#1771)
    - clamav git 224fee54dd6cd8933d7007331ec2bfca0398d4b4
  * libclamav/mspack.c: improve unpacking of malformed cabinets (bb#1826)
    - clamav git 31b77b3fb589ab07e7b4d84f8b3825178864ee51
  * based on work by Scott Kitterman
 -- Jamie Strandboge <email address hidden> Tue, 06 Apr 2010 14:21:16 -0500

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.95.3+dfsg-1ubuntu0.09.04~intrepid3

---------------
clamav (0.95.3+dfsg-1ubuntu0.09.04~intrepid3) intrepid-security; urgency=low

  * SECURITY UPDATE: (LP: #553266)
  * References clamav bugs #1771 and #1826
  * libclamav/mspack.c: fix Quantum decompressor (bb#1771)
    - clamav git 224fee54dd6cd8933d7007331ec2bfca0398d4b4
  * libclamav/mspack.c: improve unpacking of malformed cabinets (bb#1826)
    - clamav git 31b77b3fb589ab07e7b4d84f8b3825178864ee51
  * patch based on work by Scott Kitterman
 -- Jamie Strandboge <email address hidden> Tue, 06 Apr 2010 13:09:52 -0500

Changed in clamav (Ubuntu Intrepid):
status: Fix Committed → Fix Released
Changed in clamav (Ubuntu Jaunty):
status: Fix Committed → Fix Released
Changed in clamav (Ubuntu Karmic):
status: Fix Committed → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

http://www.ubuntu.com/usn/USN-624-2

Changed in clamav (Ubuntu Dapper):
status: Fix Committed → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Oops! Didn't mean to paste that USN here. This is what I meant to paste:

clamav (0.95.3+dfsg-1ubuntu0.09.04~dapper3) dapper-security; urgency=high

  * SECURITY UPDATE: (LP: #553266)
  * References clamav bugs #1771 and #1826
  * libclamav/mspack.c: fix Quantum decompressor (bb#1771)
    - clamav git 224fee54dd6cd8933d7007331ec2bfca0398d4b4
  * libclamav/mspack.c: improve unpacking of malformed cabinets (bb#1826)
    - clamav git 31b77b3fb589ab07e7b4d84f8b3825178864ee51
  * debian/clamav-milter.templates: remove comments and blank lines at the
    beginning of the file since Dapper doesn't like them (LP: #558598)

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.95.3+dfsg-1ubuntu0.09.04~hardy2.3

---------------
clamav (0.95.3+dfsg-1ubuntu0.09.04~hardy2.3) hardy-security; urgency=high

  * SECURITY UPDATE: (LP: #553266)
  * References clamav bugs #1771 and #1826
  * libclamav/mspack.c: fix Quantum decompressor (bb#1771)
    - clamav git 224fee54dd6cd8933d7007331ec2bfca0398d4b4
  * libclamav/mspack.c: improve unpacking of malformed cabinets (bb#1826)
    - clamav git 31b77b3fb589ab07e7b4d84f8b3825178864ee51
 -- Scott Kitterman <email address hidden> Thu, 01 Apr 2010 09:15:53 -0400

Changed in clamav (Ubuntu Hardy):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.