Date: Thu, 6 Apr 2006 11:24:49 +0000 (GMT) From: Alessandro Dellavedova <alessandro.dellavedova@ifom-ieo-campus.it> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/95404: Upgrade /security/clamav to version 0.88.1 Message-ID: <20060406112449.5D3BA43D49@mx1.FreeBSD.org> Resent-Message-ID: <200604061130.k36BUIdA007459@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 95404
>Category: ports
>Synopsis: Upgrade /security/clamav to version 0.88.1
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 06 11:30:17 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Alessandro Dellavedova
>Release: FreeBSD 5.4-RELEASE-p8 i386
>Organization:
European Institute of Oncology
>Environment:
System: FreeBSD aaatest 5.4-RELEASE-p8 FreeBSD 5.4-RELEASE-p8 #0: Wed Nov 16 14:30:10 CET 2005 root@genebox:/usr/obj/usr/src/sys/GENEBOX i386
>Description:
Security update, fixes the following CVE IDs:
CVE ID : CVE-2006-1614 CVE-2006-1615 CVE-2006-1630
Several remote vulnerabilities have been discovered in the ClamAV
anti-virus toolkit, which may lead to denial of service and potentially
to the execution of arbitrary code. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2006-1614
Damian Put discovered an integer overflow in the PE header parser.
This is only exploitable if the ArchiveMaxFileSize option is disabled.
CVE-2006-1615
Format string vulnerabilities in the logging code have been discovered,
which might lead to the execution of arbitrary code.
CVE-2006-1630
David Luyer discovered, that ClamAV can be tricked into an invalid
memory access in the cli_bitset_set() function, which may lead to
a denial of service.
>How-To-Repeat:
>Fix:
--- patch-clamav-0.88.1 begins here ---
diff -ruN clamav/Makefile clamav-0.88.1/Makefile
--- clamav/Makefile Fri Mar 24 10:28:14 2006
+++ clamav-0.88.1/Makefile Thu Apr 6 09:33:10 2006
@@ -6,8 +6,8 @@
#
PORTNAME= clamav
-PORTVERSION= 0.88
-PORTREVISION= 1
+PORTVERSION= 0.88.1
+PORTREVISION= 0
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE_EXTENDED}
MASTER_SITE_SUBDIR= clamav
diff -ruN clamav/distinfo clamav-0.88.1/distinfo
--- clamav/distinfo Thu Jan 12 02:18:14 2006
+++ clamav-0.88.1/distinfo Thu Apr 6 09:41:54 2006
@@ -1,3 +1,3 @@
-MD5 (clamav-0.88.tar.gz) = 5d23205673c32e2b1b6db95000e6da74
-SHA256 (clamav-0.88.tar.gz) = 7912be29d13dae676691fbad7fa5fc1518eb3b8b45f8d147097908533ca1f8db
-SIZE (clamav-0.88.tar.gz) = 4564473
+MD5 (clamav-0.88.1.tar.gz) = 9fe8c47037051e350077513dd94fb76a
+SHA256 (clamav-0.88.1.tar.gz) = 25f678d1268fa91913dd2f0b7e08338faf65a4f48618ce59d773e3c42e606cff
+SIZE (clamav-0.88.1.tar.gz) = 5348769
--- patch-clamav-0.88.1 ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060406112449.5D3BA43D49>