Upstream has released version 0.98.5 on November 18:
http://blog.clamav.net/2014/11/clamav-0985-has-been-released.html

The clamscan crash received CVE-2013-6497:
http://openwall.com/lists/oss-security/2014/11/19/5

Not sure if the yoda crypter fix will receive a CVE; if so it'll be in that thread.

Some side notes about finding the CVE-2013-6497 issue:
http://openwall.com/lists/oss-security/2014/11/19/6

Mageia 4 is also affected.
Whiteboard: (none) => MGA4TOO
0.98.5 has been submitted. Someone needs to submit it to cauldron as well.
CC: (none) => oe
Thanks Oden! Freeze push request sent for Cauldron.

Assigning to QA. Advisory to come later.

Packages uploaded for Mageia 3 and Mageia 4:
clamav-0.98.5-1.mga3
clamd-0.98.5-1.mga3
clamav-milter-0.98.5-1.mga3
clamav-db-0.98.5-1.mga3
libclamav6-0.98.5-1.mga3
libclamav-devel-0.98.5-1.mga3
clamav-0.98.5-1.mga4
clamd-0.98.5-1.mga4
clamav-milter-0.98.5-1.mga4
clamav-db-0.98.5-1.mga4
libclamav6-0.98.5-1.mga4
libclamav-devel-0.98.5-1.mga4

from SRPMS:
clamav-0.98.5-1.mga3.src.rpm
clamav-0.98.5-1.mga4.src.rpm
CC: (none) => thomas
Version: Cauldron => 4
Assignee: thomas => qa-bugs
Whiteboard: MGA4TOO => MGA3TOO
Testing on Mageia3-64 real hardware

Using procedure found https://bugs.mageia.org/show_bug.cgi?id=11288#c9
and reproducing bug found here : https://bugzilla.clamav.net/show_bug.cgi?id=11088

With current packages :
--------------------
- clamav-0.98.4-1.mga3.x86_64
- clamav-db-0.98.4-1.mga3.noarch
- clamav-milter-0.98.4-1.mga3.x86_64
- clamd-0.98.4-1.mga3.x86_64
- lib64clamav-devel-0.98.4-1.mga3.x86_64
- lib64clamav6-0.98.4-1.mga3.x86_64

# systemctl start clamd
OK
# systemctl start clamav-milter
OK
# freshclam  #in order to update clamav virus database
Clamd successfully notified about the update.
# clamscan -r /home/zitounu  # in order to scan my user home
----------- SCAN SUMMARY -----------
Known viruses: 3684869
Engine version: 0.98.4
Scanned directories: 902
Scanned files: 1524
Infected files: 0
Data scanned: 439.81 MB
Data read: 3585.15 MB (ratio 0.12:1)
Time: 31.885 sec (0 m 31 s)

Downloaded file which produces crash found here: https://bugzilla.clamav.net/show_bug.cgi?id=11088
In directory where I downloaded the file :
# clamscan -a
Erreur de segmentation
(and crash)

Stopped clamd and clamav-milter services

Updated to testing packages :
---------------------------
- clamav-0.98.5-1.mga3.x86_64
- clamav-db-0.98.5-1.mga3.noarch
- clamav-milter-0.98.5-1.mga3.x86_64
- clamd-0.98.5-1.mga3.x86_64
- lib64clamav-devel-0.98.5-1.mga3.x86_64
- lib64clamav6-0.98.5-1.mga3.x86_64

Restarted clamd and clamav-milter services
OK
# freshclam
which told me virus database was up to date
# clamscan -r /home/zitounu
----------- SCAN SUMMARY -----------
Known viruses: 3684869
Engine version: 0.98.5
Scanned directories: 945
Scanned files: 1574
Infected files: 0
Data scanned: 460.52 MB
Data read: 3602.15 MB (ratio 0.13:1)
Time: 27.536 sec (0 m 27 s)

In directory where file known to make clamd crash :
# clamscan -a
----------- SCAN SUMMARY -----------
Known viruses: 3684869
Engine version: 0.98.5
Scanned directories: 1
Scanned files: 8
Infected files: 0
Data scanned: 0.64 MB
Data read: 835.46 MB (ratio 0.00:1)
Time: 5.944 sec (0 m 5 s)
No crash this time.

Could stop and restart services.
clamscan could find eicar.com test file

Update testing packages working well and fixing bug
CC: (none) => olchal
Whiteboard: MGA3TOO => MGA3TOO MGA3-64-OK
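The before/after check from the test report above, written as a repeatable script. This is an added example, not part of the bug report or of ClamAV; the function names, the `SCANNER` override and the verdict strings are assumptions, while exit codes 0/1/2 are clamscan's documented statuses and 139 is the shell's 128 + SIGSEGV.

```shell
#!/bin/sh
# Added example (not from the bug report): before/after check for a scanner crash fix.

# Pull "Engine version: X" out of a clamscan SCAN SUMMARY read on stdin.
engine_version() {
    sed -n 's/^Engine version: *\([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# Succeed if dotted version $1 >= $2, comparing numeric fields left to right.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# 0/1/2 are clamscan's documented exit codes (clean / virus found / error);
# a status above 128 is how the shell reports death by signal (139 = SIGSEGV).
classify_exit() {
    case $1 in
        0) echo clean ;;
        1) echo detected ;;
        2) echo error ;;
        *) if [ "$1" -gt 128 ]; then echo "crash:signal-$(( $1 - 128 ))"
           else echo unknown; fi ;;
    esac
}

# Run "clamscan -a" in directory $1, as the report does, and require both
# no signal death and an engine version >= $2. SCANNER is a hypothetical
# override so the check can be exercised without ClamAV installed.
check_fix() {
    dir=$1; fixed=$2; rc=0
    out=$(cd "$dir" && ${SCANNER:-clamscan} -a 2>&1) || rc=$?
    verdict=$(classify_exit "$rc")
    ver=$(printf '%s\n' "$out" | engine_version)
    case $verdict in
        crash:*) echo "FAIL $verdict"; return 1 ;;
    esac
    if [ -z "$ver" ] || ! version_ge "$ver" "$fixed"; then
        echo "FAIL engine=${ver:-unknown} verdict=$verdict"; return 1
    fi
    echo "PASS engine=$ver verdict=$verdict"
}
```

Called as `check_fix /path/to/sample-dir 0.98.5`, it fails on the old engine even when the sample happens not to crash, because the version floor is checked independently of the exit status.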
Created attachment 5612
Innocuous java script file which causes crash in clamav

Found here : https://bugzilla.clamav.net/show_bug.cgi?id=11088
Mandriva has issued an advisory for this today (November 20):
http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014%3A217/

Advisory:
========================

Updated clamav packages fix security vulnerability:

Certain javascript files cause ClamAV to segfault when scanned with the -a (list archived files) (CVE-2013-6497).

ClamAV has been updated to version 0.98.5 to address this and other issues.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6497
https://bugzilla.clamav.net/show_bug.cgi?id=11088
http://blog.clamav.net/2014/11/clamav-0985-has-been-released.html
http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014%3A217/
URL: (none) => http://lwn.net/Vulnerabilities/622345/
CVE request for another issue fixed in 0.98.5: http://openwall.com/lists/oss-security/2014/11/21/12
CVE-2014-9050 was allocated for the yoda crypter issue:
http://openwall.com/lists/oss-security/2014/11/22/1

Advisory:
========================

Updated clamav packages fix security vulnerability:

Certain javascript files cause ClamAV to segfault when scanned with the -a (list archived files) (CVE-2013-6497).

A heap buffer overflow was reported in ClamAV when scanning a specially crafted y0da Crypter obfuscated PE file (CVE-2014-9050).

ClamAV has been updated to version 0.98.5 to address these and other issues.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9050
https://bugzilla.clamav.net/show_bug.cgi?id=11088
http://blog.clamav.net/2014/11/clamav-0985-has-been-released.html
http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014%3A217/
http://openwall.com/lists/oss-security/2014/11/22/1
In VirtualBox, M3, KDE, 32-bit

Package(s) under test:
clamav clamav-db libclamav6

install clamav clamav-db & libclamav6

[root@localhost wilcal]# urpmi clamav
Package clamav-0.98.4-1.mga3.i586 is already installed
[root@localhost wilcal]# urpmi clamav-db
Package clamav-db-0.98.4-1.mga3.noarch is already installed
[root@localhost wilcal]# urpmi libclamav6
Package libclamav6-0.98.4-1.mga3.i586 is already installed

Update with freshclam ( takes awhile )
[root@localhost wilcal]# cd /var/lib/clamav
[root@localhost clamav]# ls -al
total 94380
drwxr-xr-x  3 clamav clamav     4096 Nov 22 11:02 ./
drwxr-xr-x 43 root   root       4096 Nov 22 10:53 ../
-rw-r--r--  1 clamav clamav    74230 Nov 22 11:02 bytecode.cvd
-rw-r--r--  1 clamav clamav 31823730 Nov 22 11:02 daily.cvd
-rw-r--r--  1 clamav clamav 64720632 Sep 20  2013 main.cvd
-rw-------  1 clamav clamav      364 Nov 22 11:02 mirrors.dat
drwxr-xr-x  2 clamav clamav     4096 Jun 20 12:21 tmp/

run clamscan
[root@localhost wilcal]# clamscan -r -i
----------- SCAN SUMMARY -----------
Known viruses: 3688776
Engine version: 0.98.4
Scanned directories: 1440
Scanned files: 1939
Infected files: 0
Data scanned: 390.61 MB
Data read: 353.49 MB (ratio 1.11:1)
Time: 36.775 sec (0 m 36 s)

install clamav clamav-db & libclamav6 from updates_testing

[root@localhost wilcal]# urpmi clamav
Package clamav-0.98.5-1.mga3.i586 is already installed
[root@localhost wilcal]# urpmi clamav-db
Package clamav-db-0.98.5-1.mga3.noarch is already installed
[root@localhost wilcal]# urpmi libclamav6
Package libclamav6-0.98.5-1.mga3.i586 is already installed

Update with freshclam - database is up-to-date

run clamscan
[root@localhost wilcal]# clamscan -r -i
----------- SCAN SUMMARY -----------
Known viruses: 3688776
Engine version: 0.98.5
Scanned directories: 1440
Scanned files: 1939
Infected files: 0
Data scanned: 390.62 MB
Data read: 353.50 MB (ratio 1.11:1)
Time: 30.321 sec (0 m 30 s)

Successful clamscan.
CC: (none) => wilcal.int
Whiteboard: MGA3TOO MGA3-64-OK => MGA3TOO MGA3-32-OK MGA3-64-OK
In VirtualBox, M4, KDE, 32-bit

Package(s) under test:
clamav clamav-db libclamav6

install clamav clamav-db & libclamav6

[root@localhost wilcal]# urpmi clamav
Package clamav-0.98.4-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi clamav-db
Package clamav-db-0.98.4-1.mga4.noarch is already installed
[root@localhost wilcal]# urpmi libclamav6
Package libclamav6-0.98.4-1.mga4.i586 is already installed

Update with freshclam ( takes awhile )
[root@localhost clamav]# ls -al
total 94376
drwxrwxr-x  3 clamav clamav     4096 Nov 22 11:43 ./
drwxr-xr-x 45 root   root       4096 Nov 22 11:29 ../
-rw-r--r--  1 clamav clamav    74230 Nov 22 11:43 bytecode.cvd
-rw-r--r--  1 clamav clamav 31823730 Nov 22 11:43 daily.cvd
-rw-r--r--  1 clamav clamav 64720632 Sep 20  2013 main.cvd
-rw-------  1 clamav clamav      312 Nov 22 11:43 mirrors.dat
drwxr-xr-x  2 clamav clamav     4096 Jun 22 12:51 tmp/

run clamscan
[root@localhost /]# clamscan -i -r /etc
----------- SCAN SUMMARY -----------
Known viruses: 3688776
Engine version: 0.98.5
Scanned directories: 480
Scanned files: 1894
Infected files: 0
Data scanned: 41.51 MB
Data read: 31.66 MB (ratio 1.31:1)
Time: 9.634 sec (0 m 9 s)

install clamav clamav-db & libclamav6 from updates_testing

[root@localhost wilcal]# urpmi clamav
Package clamav-0.98.5-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi clamav-db
Package clamav-db-0.98.5-1.mga4.noarch is already installed
[root@localhost wilcal]# urpmi libclamav6
Package libclamav6-0.98.5-1.mga4.i586 is already installed

Update with freshclam - database is up-to-date

run clamscan
[root@localhost wilcal]# clamscan -r -i
----------- SCAN SUMMARY -----------
Known viruses: 3688776
Engine version: 0.98.5
Scanned directories: 1031
Scanned files: 1519
Infected files: 0
Data scanned: 226.45 MB
Data read: 328.70 MB (ratio 0.69:1)
Time: 26.019 sec (0 m 26 s)

Successful clamscan.
Whiteboard: MGA3TOO MGA3-32-OK MGA3-64-OK => MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK
In VirtualBox, M4, KDE, 64-bit

Package(s) under test:
clamav clamav-db lib64clamav6

install clamav clamav-db & lib64clamav6

[root@localhost wilcal]# urpmi clamav
Package clamav-0.98.4-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi clamav-db
Package clamav-db-0.98.4-1.mga4.noarch is already installed
[root@localhost wilcal]# urpmi lib64clamav6
Package lib64clamav6-0.98.4-1.mga4.x86_64 is already installed

Update with freshclam ( takes awhile )
[wilcal@localhost ~]$ cd /var/lib/clamav
[wilcal@localhost clamav]$ ls -al
total 94376
drwxrwxr-x  3 clamav clamav     4096 Nov 22 12:59 ./
drwxr-xr-x 45 root   root       4096 Nov 22 12:52 ../
-rw-r--r--  1 clamav clamav    74230 Nov 22 12:59 bytecode.cvd
-rw-r--r--  1 clamav clamav 31823730 Nov 22 12:59 daily.cvd
-rw-r--r--  1 clamav clamav 64720632 Sep 20  2013 main.cvd
-rw-------  1 clamav clamav      364 Nov 22 12:59 mirrors.dat
drwxr-xr-x  2 clamav clamav     4096 Jun 22 12:51 tmp/

run clamscan
[root@localhost ~]# clamscan -i -r /etc
----------- SCAN SUMMARY -----------
Known viruses: 3688776
Engine version: 0.98.4
Scanned directories: 480
Scanned files: 1894
Infected files: 0
Data scanned: 42.59 MB
Data read: 32.71 MB (ratio 1.30:1)
Time: 11.620 sec (0 m 11 s)

install clamav clamav-db & lib64clamav6 from updates_testing

[root@localhost wilcal]# urpmi clamav
Package clamav-0.98.5-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi clamav-db
Package clamav-db-0.98.5-1.mga4.noarch is already installed
[root@localhost wilcal]# urpmi lib64clamav6
Package lib64clamav6-0.98.5-1.mga4.x86_64 is already installed

Update with freshclam - database is up-to-date

run clamscan
[root@localhost wilcal]# clamscan -i -r /etc
----------- SCAN SUMMARY -----------
Known viruses: 3688776
Engine version: 0.98.5
Scanned directories: 480
Scanned files: 1894
Infected files: 0
Data scanned: 42.59 MB
Data read: 32.71 MB (ratio 1.30:1)
Time: 12.165 sec (0 m 12 s)

Successful clamscan.
Testing complete for mga3 32 & 64
Testing complete for mga4 32 & 64

Validating the update.
Could someone from the sysadmin team push to updates.

Thanks
Keywords: (none) => validated_update
Whiteboard: MGA3TOO MGA3-64-OK MGA3-32-OK MGA4-32-OK => MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-32-OK
CC: (none) => sysadmin-bugs
Advisory uploaded.
CC: (none) => remi
Whiteboard: MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-32-OK => MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-32-OK advisory
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2014-0487.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
LWN reference for CVE-2014-9050: http://lwn.net/Vulnerabilities/623205/