| Summary: | clamav new security issue in xar parser | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | herman.viaene, lewyssmith, marja11, nicolas.salguero, sysadmin-bugs, wilcal.int |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA5TOO MGA6-32-OK MGA6-64-OK MGA5-32-OK MGA5-64-OK | ||
| Source RPM: | clamav-0.99.2-2.2.mga6.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2017-09-29 21:27:48 CEST
David Walser
2017-09-29 21:27:56 CEST
Whiteboard:
(none) =>
MGA6TOO, MGA5TOO Assigning to all packagers collectively, since there is no registered maintainer for this package. Assignee:
bugsquad =>
pkg-bugs Suggested advisory: ======================== The updated packages fix a security vulnerability: A malformed xar file can cause an out of bounds heap read in clamav. References: ======================== http://openwall.com/lists/oss-security/2017/09/29/4 Updated packages in 5/core/updates_testing: ======================== clamav-0.99.2-1.2.mga5 clamd-0.99.2-1.2.mga5 clamav-milter-0.99.2-1.2.mga5 clamav-db-0.99.2-1.2.mga5 lib(64)clamav7-0.99.2-1.2.mga5 lib(64)clamav-devel-0.99.2-1.2.mga5 from SRPMS: clamav-0.99.2-1.2.mga5.src.rpm Updated packages in 6/core/updates_testing: ======================== clamav-0.99.2-2.3.mga6 clamd-0.99.2-2.3.mga6 clamav-milter-0.99.2-2.3.mga6 clamav-db-0.99.2-2.3.mga6 lib(64)clamav7-0.99.2-2.3.mga6 lib(64)clamav-devel-0.99.2-2.3.mga6 from SRPMS: clamav-0.99.2-2.3.mga6.src.rpm Source RPM:
clamav-0.99.2-4.mga7.src.rpm =>
clamav-0.99.2-2.2.mga6.src.rpm MGA-32 on Asus A6000VM MATE No installation issues At CLI: $ clamscan -r Documenten/ LibClamAV Warning: ************************************************** LibClamAV Warning: *** The virus database is older than 7 days! *** LibClamAV Warning: *** Please update it as soon as possible. *** LibClamAV Warning: ************************************************** Documenten/javacode/helloworld.java: OK Documenten/javacode/helloworld.class: OK Documenten/javacode/helloworld$1.class: OK Documenten/graphmagi/after: OK and a lot more, then at the end: ----------- SCAN SUMMARY ----------- Known viruses: 4397722 Engine version: 0.99.2 Scanned directories: 3 Scanned files: 76 Infected files: 0 Data scanned: 45.14 MB Data read: 35.89 MB (ratio 1.26:1) Time: 46.398 sec (0 m 46 s) OK for me CC:
(none) =>
herman.viaene In VirtualBox, M6, Plasma, 64-bit Package(s) under test: clamav clamav-db lib64clamav7 install clamav clamav-db & lib64clamav7 [root@localhost wilcal]# urpmi clamav Package clamav-0.99.2-2.2.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi clamav-db Package clamav-db-0.99.2-2.2.mga6.noarch is already installed [root@localhost wilcal]# urpmi lib64clamav7 Package lib64clamav7-0.99.2-2.2.mga6.x86_64 is already installed Update with freshclam ( takes awhile ) [root@localhost wilcal]# freshclam check clamav files: [root@localhost wilcal]# ls -al /var/lib/clamav total 341484 drwxrwxr-x 3 clamav clamav 4096 Oct 5 14:14 ./ drwxr-xr-x 51 root root 4096 Oct 5 14:10 ../ -rw-r--r-- 1 clamav clamav 150963 Oct 5 14:13 bytecode.cvd -rw-r--r-- 1 clamav clamav 42010405 Oct 5 14:13 daily.cvd -rw-r--r-- 1 clamav clamav 307499008 Oct 5 14:11 main.cld -rw------- 1 clamav clamav 364 Oct 5 14:14 mirrors.dat drwxr-xr-x 2 clamav clamav 4096 Aug 19 13:05 tmp/ scan /etc [root@localhost wilcal]# clamscan -r -i /etc ----------- SCAN SUMMARY ----------- Known viruses: 6306711 Engine version: 0.99.2 Scanned directories: 488 Scanned files: 2024 Infected files: 0 Data scanned: 50.72 MB Data read: 27.49 MB (ratio 1.85:1) Time: 22.689 sec (0 m 22 s) clamscan successful install clamav clamav-db & lib64clamav7 from updates_testing [root@localhost wilcal]# urpmi clamav Package clamav-0.99.2-2.3.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi clamav-db Package clamav-db-0.99.2-2.3.mga6.noarch is already installed [root@localhost wilcal]# urpmi lib64clamav7 Package lib64clamav7-0.99.2-2.3.mga6.x86_64 is already installed No need to update ( freshclam ) clamav db scan /var [wilcal@localhost ~]$ clamscan -r -i /var ----------- SCAN SUMMARY ----------- Known viruses: 6306711 Engine version: 0.99.2 Scanned directories: 214 Scanned files: 333 Infected files: 0 Total errors: 51 Data scanned: 351.20 MB Data read: 791.80 MB (ratio 0.44:1) Time: 45.094 sec (0 m 45 s) clamscan successful I had to rebuild the freshclam db to get the new version to use it. Minor wrinkle. CC:
(none) =>
wilcal.int
William Kenney
2017-10-05 23:44:16 CEST
Whiteboard:
MGA5TOO MGA6-32-OK =>
MGA5TOO MGA6-32-OK MGA6-64-OK In VirtualBox, M5.1, KDE, 64-bit Package(s) under test: clamav clamav-db lib64clamav7 install clamav clamav-db & lib64clamav7 [root@localhost wilcal]# urpmi clamav Package clamav-0.99.2-1.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi clamav-db Package clamav-db-0.99.2-1.1.mga5.noarch is already installed [root@localhost wilcal]# urpmi lib64clamav7 Package lib64clamav7-0.99.2-1.1.mga5.x86_64 is already installed Update with freshclam ( takes awhile ) [root@localhost wilcal]# freshclam check clamav files: [root@localhost wilcal]# ls -al /var/lib/clamav total 341484 drwxrwxr-x 3 clamav clamav 4096 Oct 5 14:54 ./ drwxr-xr-x 44 root root 4096 Oct 5 14:47 ../ -rw-r--r-- 1 clamav clamav 150963 Oct 5 14:53 bytecode.cvd -rw-r--r-- 1 clamav clamav 42010405 Oct 5 14:53 daily.cvd -rw-r--r-- 1 clamav clamav 307499008 Oct 5 14:50 main.cld -rw------- 1 clamav clamav 468 Oct 5 14:54 mirrors.dat drwxr-xr-x 2 clamav clamav 4096 Aug 19 13:57 tmp/ scan /etc [root@localhost wilcal]# clamscan -r -i /etc ----------- SCAN SUMMARY ----------- Known viruses: 6306711 Engine version: 0.99.2 Scanned directories: 464 Scanned files: 1810 Infected files: 0 Data scanned: 41.75 MB Data read: 22.18 MB (ratio 1.88:1) Time: 18.247 sec (0 m 18 s) clamscan successful install clamav clamav-db & lib64clamav7 from updates_testing [root@localhost wilcal]# urpmi clamav Package clamav-0.99.2-1.2.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi clamav-db Package clamav-db-0.99.2-1.2.mga5.noarch is already installed [root@localhost wilcal]# urpmi lib64clamav7 Package lib64clamav7-0.99.2-1.2.mga5.x86_64 is already installed No need to update ( freshclam ) clamav db scan /var [root@localhost wilcal]# clamscan -r -i /var ----------- SCAN SUMMARY ----------- Known viruses: 6306711 Engine version: 0.99.2 Scanned directories: 274 Scanned files: 373 Infected files: 0 Data scanned: 502.08 MB Data read: 751.22 MB (ratio 0.67:1) Time: 68.540 sec (1 m 8 s) clamscan successful Rebuilt the freshclam db again
William Kenney
2017-10-06 00:24:27 CEST
Whiteboard:
MGA5TOO MGA6-32-OK MGA6-64-OK =>
MGA5TOO MGA6-32-OK MGA6-64-OK MGA5-64-OK In VirtualBox, M5.1, KDE, 32-bit
Package(s) under test:
clamav clamav-db libclamav7
install clamav clamav-db & libclamav7
[root@localhost wilcal]# urpmi clamav
Package clamav-0.99.2-1.1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi clamav-db
Package clamav-db-0.99.2-1.1.mga5.noarch is already installed
[root@localhost wilcal]# urpmi libclamav7
Package libclamav7-0.99.2-1.1.mga5.i586 is already installed
Update with freshclam ( takes awhile )
[root@localhost wilcal]# freshclam
check clamav files:
[root@localhost wilcal]# ls -al /var/lib/clamav
total 341484
drwxrwxr-x 3 clamav clamav 4096 Oct 5 16:28 ./
drwxr-xr-x 44 root root 4096 Oct 5 16:22 ../
-rw-r--r-- 1 clamav clamav 150963 Oct 5 16:26 bytecode.cvd
-rw-r--r-- 1 clamav clamav 42010405 Oct 5 16:25 daily.cvd
-rw-r--r-- 1 clamav clamav 307499008 Oct 5 15:49 main.cld
-rw------- 1 clamav clamav 364 Oct 5 16:28 mirrors.dat
drwxr-xr-x 2 clamav clamav 4096 Aug 19 13:57 tmp/
scan /etc
[root@localhost wilcal]# clamscan -r -i /etc
----------- SCAN SUMMARY -----------
Known viruses: 6306711
Engine version: 0.99.2
Scanned directories: 464
Scanned files: 1810
Infected files: 0
Data scanned: 41.74 MB
Data read: 22.18 MB (ratio 1.88:1)
Time: 19.885 sec (0 m 19 s)
clamscan successful
install clamav clamav-db & libclamav7 from updates_testing
[root@localhost wilcal]# urpmi clamav
Package clamav-0.99.2-1.2.mga5.i586 is already installed
[root@localhost wilcal]# urpmi clamav-db
Package clamav-db-0.99.2-1.2.mga5.noarch is already installed
[root@localhost wilcal]# urpmi libclamav7
Package libclamav7-0.99.2-1.2.mga5.i586 is already installed
No need to update ( freshclam ) clamav db
scan /var
[root@localhost wilcal]# clamscan -r -i /var
----------- SCAN SUMMARY -----------
Known viruses: 6306711
Engine version: 0.99.2
Scanned directories: 271
Scanned files: 379
Infected files: 0
Data scanned: 486.41 MB
Data read: 767.73 MB (ratio 0.63:1)
Time: 82.387 sec (1 m 22 s)
clamscan successful
Rebuilt the freshclam db again
William Kenney
2017-10-06 01:57:35 CEST
Whiteboard:
MGA5TOO MGA6-32-OK MGA6-64-OK MGA5-64-OK =>
MGA5TOO MGA6-32-OK MGA6-64-OK MGA5-32-OK MGA5-64-OK This update works fine. Testing complete for MGA6, 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push to updates. Thanks Keywords:
(none) =>
validated_update Advisoried; but no CVE. Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0363.html Resolution:
(none) =>
FIXED |