Date: Thu, 6 Apr 2006 11:24:49 +0000 (GMT) From: Alessandro Dellavedova <alessandro.dellavedova@ifom-ieo-campus.it> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/95404: Upgrade /security/clamav to version 0.88.1 Message-ID: <20060406112449.5D3BA43D49@mx1.FreeBSD.org> Resent-Message-ID: <200604061130.k36BUIdA007459@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 95404 >Category: ports >Synopsis: Upgrade /security/clamav to version 0.88.1 >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Apr 06 11:30:17 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Alessandro Dellavedova >Release: FreeBSD 5.4-RELEASE-p8 i386 >Organization: European Institute of Oncology >Environment: System: FreeBSD aaatest 5.4-RELEASE-p8 FreeBSD 5.4-RELEASE-p8 #0: Wed Nov 16 14:30:10 CET 2005 root@genebox:/usr/obj/usr/src/sys/GENEBOX i386 >Description: Security update, fixes the following CVE IDs: CVE ID : CVE-2006-1614 CVE-2006-1615 CVE-2006-1630 Several remote vulnerabilities have been discovered in the ClamAV anti-virus toolkit, which may lead to denial of service and potentially to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-1614 Damian Put discovered an integer overflow in the PE header parser. This is only exploitable if the ArchiveMaxFileSize option is disabled. CVE-2006-1615 Format string vulnerabilities in the logging code have been discovered, which might lead to the execution of arbitrary code. CVE-2006-1630 David Luyer discovered, that ClamAV can be tricked into an invalid memory access in the cli_bitset_set() function, which may lead to a denial of service. >How-To-Repeat: >Fix: --- patch-clamav-0.88.1 begins here --- diff -ruN clamav/Makefile clamav-0.88.1/Makefile --- clamav/Makefile Fri Mar 24 10:28:14 2006 +++ clamav-0.88.1/Makefile Thu Apr 6 09:33:10 2006 @@ -6,8 +6,8 @@ # PORTNAME= clamav -PORTVERSION= 0.88 -PORTREVISION= 1 +PORTVERSION= 0.88.1 +PORTREVISION= 0 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_SOURCEFORGE_EXTENDED} MASTER_SITE_SUBDIR= clamav diff -ruN clamav/distinfo clamav-0.88.1/distinfo --- clamav/distinfo Thu Jan 12 02:18:14 2006 +++ clamav-0.88.1/distinfo Thu Apr 6 09:41:54 2006 @@ -1,3 +1,3 @@ -MD5 (clamav-0.88.tar.gz) = 5d23205673c32e2b1b6db95000e6da74 -SHA256 (clamav-0.88.tar.gz) = 7912be29d13dae676691fbad7fa5fc1518eb3b8b45f8d147097908533ca1f8db -SIZE (clamav-0.88.tar.gz) = 4564473 +MD5 (clamav-0.88.1.tar.gz) = 9fe8c47037051e350077513dd94fb76a +SHA256 (clamav-0.88.1.tar.gz) = 25f678d1268fa91913dd2f0b7e08338faf65a4f48618ce59d773e3c42e606cff +SIZE (clamav-0.88.1.tar.gz) = 5348769 --- patch-clamav-0.88.1 ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060406112449.5D3BA43D49>