possible integer overflow

Bug #191150 reported by Leonel Nunez
262
Affects Status Importance Assigned to Milestone
clamav (Ubuntu)
Fix Released
High
Unassigned
Dapper
Fix Released
Undecided
Unassigned
Edgy
Invalid
Undecided
Unassigned
Feisty
Fix Released
Undecided
Unassigned
Gutsy
Fix Released
Undecided
Unassigned

Bug Description

Possible Integer overflow in libclamav/pe.c

CVE-2008-0316

Changed in clamav:
assignee: nobody → leonelnunez
status: New → In Progress
Changed in clamav:
assignee: nobody → leonelnunez
status: New → In Progress
assignee: nobody → leonelnunez
status: New → In Progress
assignee: nobody → leonelnunez
status: New → In Progress
assignee: leonelnunez → kitterman
Changed in clamav:
importance: Undecided → High
status: In Progress → Fix Released
assignee: leonelnunez → kitterman
Revision history for this message
Leonel Nunez (leonelnunez) wrote :

Patch for Gutsy

pbuilder builds fine
package installs and works fine

Revision history for this message
Scott Kitterman (kitterman) wrote :

Debdiff for Feisty. Build, installs, runs. Tested virus scanning with klamav. Patch directly ported from Debian fix for Etch.

Changed in clamav:
assignee: kitterman → nobody
status: In Progress → Fix Committed
assignee: leonelnunez → nobody
status: In Progress → Fix Committed
status: Fix Committed → In Progress
assignee: leonelnunez → nobody
status: In Progress → Fix Committed
Revision history for this message
Scott Kitterman (kitterman) wrote :

Doesn't apply to 0.88 versions in Edgy

Changed in clamav:
status: New → Invalid
assignee: nobody → leonelnunez
Revision history for this message
Scott Kitterman (kitterman) wrote :

Draft debdiff for Dapper (still testing).

Revision history for this message
Scott Kitterman (kitterman) wrote :

Build, installs, runs. Tested virus scanning with klamav.

Changed in clamav:
assignee: leonelnunez → nobody
status: In Progress → Fix Committed
assignee: kitterman → nobody
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.90.2-0ubuntu1.6

---------------
clamav (0.90.2-0ubuntu1.6) feisty-security; urgency=low

  * Security UPDATE: (LP: #191150)
    libclamav/pe.c: possible integer overflow
    libclamav/others.c: tempfile symlink vulnerability
    Thanks to Stephen Gran <email address hidden> for the patches
  * References
    CVE-2008-0318
    CVE-2007-6595

 -- Scott Kitterman <email address hidden> Mon, 11 Feb 2008 23:03:18 -0500

Changed in clamav:
status: Fix Committed → Fix Released
Changed in clamav:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.