Description of problem: clamav-0.98.7 has just been released by upstream. We nned to update it for security reasons. Reproducible: Steps to Reproduce:
The new packages are in updates testing: clamav-0.98.7-1.mga4.src.rpm clamav-0.98.7-1.mga4.x86_64.rpm clamd-0.98.7-1.mga4.x86_64.rpm clamav-milter-0.98.7-1.mga4.x86_64.rpm clamav-db-0.98.7-1.mga4.noarch.rpm lib64clamav6-0.98.7-1.mga4.x86_64.rpm lib64clamav-devel-0.98.7-1.mga4.x86_64.rpm clamav-debuginfo-0.98.7-1.mga4.x86_64.rpm and corresponding i586 packages
Status: NEW => ASSIGNEDAssignee: bugsquad => qa-bugsWhiteboard: (none) => mga5, cauldron TOO
Fixing the whiteboard...also a bit premature to assign to QA as there's no advisory and it hasn't been pushed in Cauldron yet. Here's the upstream release announcement: http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html
CC: (none) => qa-bugsVersion: 4 => CauldronAssignee: qa-bugs => thomasSummary: Update to ver. 0.98.7 => clamav update to 0.98.7 (fixes CVE-2015-222[12], CVE-2015-2668, CVE-2015-2305, CVE-2015-2170)Whiteboard: mga5, cauldron TOO => MGA5TOO, MGA4TOO
Component: RPM Packages => SecurityQA Contact: (none) => security
Assigning back to QA now that this is pushed in Cauldron. Until Thomas posts an advisory, please refer to the release announcement posted in Comment 2.
CC: qa-bugs => thomasVersion: Cauldron => 4Assignee: thomas => qa-bugsWhiteboard: MGA5TOO, MGA4TOO => (none)
This updates fixes the following security issues: - Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221 - Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2222. - Fix an infinite loop condition on a crafted "xz" archive file. This was reported by Dimitri Kirchner and Goulven Guiheux.CVE-2015-2668 - Apply upstream patch for possible heap overflow in Henry Spencer's regex library. CVE-2015-2305 - Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2170
More info on some of the security issues fixed in clamav 0.98.7: http://openwall.com/lists/oss-security/2015/05/03/1 http://openwall.com/lists/oss-security/2015/05/03/2 http://openwall.com/lists/oss-security/2015/05/03/3 http://openwall.com/lists/oss-security/2015/05/03/4 http://openwall.com/lists/oss-security/2015/05/03/5
In VirtualBox, M3, KDE, 32-bit Package(s) under test: clamav clamav-db libclamav6 install clamav clamav-db & libclamav6 [root@localhost wilcal]# urpmi clamav Package clamav-0.98.6-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi clamav-db Package clamav-db-0.98.6-1.mga4.noarch is already installed [root@localhost wilcal]# urpmi libclamav6 Package libclamav6-0.98.6-1.mga4.i586 is already installed Update with freshclam ( takes awhile ) [root@localhost wilcal]# cd /var/lib/clamav [root@localhost clamav]# ls -al total 97096 drwxrwxr-x 3 clamav clamav 4096 May 4 07:52 ./ drwxr-xr-x 45 root root 4096 May 4 07:45 ../ -rw-r--r-- 1 clamav clamav 75408 May 4 07:52 bytecode.cvd -rw-r--r-- 1 clamav clamav 34602749 May 4 07:52 daily.cvd -rw-r--r-- 1 clamav clamav 64720632 Sep 20 2013 main.cvd -rw------- 1 clamav clamav 312 May 4 07:52 mirrors.dat drwxr-xr-x 2 clamav clamav 4096 Jan 29 07:11 tmp/ run clamscan [root@localhost wilcal]# clamscan /home/wilcal /home/wilcal/.desktop: OK /home/wilcal/.kinorc: OK /home/wilcal/.vboxclient-draganddrop.pid: OK /home/wilcal/.recently-used: OK /home/wilcal/.bash_history: OK /home/wilcal/.bash_logout: OK /home/wilcal/.Xauthority: OK..... ----------- SCAN SUMMARY ----------- Known viruses: 3800543 Engine version: 0.98.6 Scanned directories: 1 Scanned files: 18 Infected files: 0 Data scanned: 0.04 MB Data read: 0.02 MB (ratio 1.80:1) Time: 7.828 sec (0 m 7 s) [root@localhost wilcal]# No problems found install clamav clamav-db & libclamav6 from updates_testing [root@localhost wilcal]# urpmi clamav Package clamav-0.98.7-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi clamav-db Package clamav-db-0.98.7-1.mga4.noarch is already installed [root@localhost wilcal]# urpmi libclamav6 Package libclamav6-0.98.7-1.mga4.i586 is already installed run freshclam. No updates available [root@localhost wilcal]# cd /var/lib/clamav [root@localhost clamav]# ls -al total 97092 drwxrwxr-x 3 clamav clamav 4096 May 4 08:13 ./ drwxr-xr-x 45 root root 4096 May 4 07:45 ../ -rw-r--r-- 1 clamav clamav 75408 May 4 07:52 bytecode.cvd -rw-r--r-- 1 clamav clamav 34602749 May 4 07:52 daily.cvd -rw-r--r-- 1 clamav clamav 64720632 Sep 20 2013 main.cvd -rw------- 1 clamav clamav 312 May 4 08:13 mirrors.dat drwxr-xr-x 2 clamav clamav 4096 Apr 28 17:20 tmp/ run clamscan [root@localhost clamav]# clamscan /home/wilcal /home/wilcal/.desktop: OK /home/wilcal/.kinorc: OK /home/wilcal/.vboxclient-draganddrop.pid: OK /home/wilcal/.recently-used: OK /home/wilcal/.bash_history: OK /home/wilcal/.bash_logout: OK /home/wilcal/.Xauthority: OK........ ----------- SCAN SUMMARY ----------- Known viruses: 3800543 Engine version: 0.98.7 Scanned directories: 1 Scanned files: 18 Infected files: 0 Data scanned: 0.02 MB Data read: 0.01 MB (ratio 2.00:1) Time: 7.712 sec (0 m 7 s) [root@localhost clamav]# No problems found. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.26-1.mga4.x86_64 virtualbox-guest-additions-4.3.26-1.mga4.x86_64
CC: (none) => wilcal.int
Whiteboard: (none) => MGA4-32-OK
In VirtualBox, M3, KDE, 64-bit Package(s) under test: clamav clamav-db lib64clamav6 install clamav clamav-db & lib64clamav6 [root@localhost wilcal]# urpmi clamav Package clamav-0.98.6-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi clamav-db Package clamav-db-0.98.6-1.mga4.noarch is already installed [root@localhost wilcal]# urpmi lib64clamav6 Package lib64clamav6-0.98.6-1.mga4.x86_64 is already installed Update with freshclam ( takes awhile ) [root@localhost wilcal]# cd /var/lib/clamav [root@localhost clamav]# ls -al total 97088 drwxrwxr-x 3 clamav clamav 4096 May 4 08:41 ./ drwxr-xr-x 45 root root 4096 May 4 08:34 ../ -rw-r--r-- 1 clamav clamav 75408 May 4 08:37 bytecode.cvd -rw-r--r-- 1 clamav clamav 34602749 May 4 08:37 daily.cvd -rw-r--r-- 1 clamav clamav 64720632 Sep 20 2013 main.cvd -rw------- 1 clamav clamav 312 May 4 08:41 mirrors.dat drwxr-xr-x 2 clamav clamav 4096 Jan 29 07:11 tmp/ run clamscan [root@localhost clamav]# clamscan /home/wilcal /home/wilcal/.Xauthority: OK /home/wilcal/.bash_history: OK /home/wilcal/.vboxclient-clipboard.pid: OK /home/wilcal/.bash_completion: OK /home/wilcal/.bashrc: OK /home/wilcal/.esd_auth: OK /home/wilcal/.vboxclient-display.pid: OK /home/wilcal/.vboxclient-seamless.pid: OK /home/wilcal/.bash_logout: OK....... ----------- SCAN SUMMARY ----------- Known viruses: 3800543 Engine version: 0.98.6 Scanned directories: 1 Scanned files: 17 Infected files: 0 Data scanned: 0.04 MB Data read: 0.02 MB (ratio 2.00:1) Time: 6.927 sec (0 m 6 s) [root@localhost clamav]# No problems found install clamav clamav-db & lib64clamav6 from updates_testing [root@localhost wilcal]# urpmi clamav Package clamav-0.98.7-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi clamav-db Package clamav-db-0.98.7-1.mga4.noarch is already installed [root@localhost wilcal]# urpmi lib64clamav6 Package lib64clamav6-0.98.7-1.mga4.x86_64 is already installed run freshclam. No updates available [root@localhost wilcal]# cd /var/lib/clamav [root@localhost clamav]# ls -al total 97092 drwxrwxr-x 3 clamav clamav 4096 May 4 08:48 ./ drwxr-xr-x 45 root root 4096 May 4 08:34 ../ -rw-r--r-- 1 clamav clamav 75408 May 4 08:37 bytecode.cvd -rw-r--r-- 1 clamav clamav 34602749 May 4 08:37 daily.cvd -rw-r--r-- 1 clamav clamav 64720632 Sep 20 2013 main.cvd -rw------- 1 clamav clamav 312 May 4 08:48 mirrors.dat drwxr-xr-x 2 clamav clamav 4096 Apr 28 17:20 tmp/ run clamscan [root@localhost clamav]# clamscan /home/wilcal /home/wilcal/.Xauthority: OK /home/wilcal/.bash_history: OK /home/wilcal/.vboxclient-clipboard.pid: OK /home/wilcal/.bash_completion: OK /home/wilcal/.bashrc: OK /home/wilcal/.esd_auth: OK /home/wilcal/.vboxclient-display.pid: OK /home/wilcal/.vboxclient-seamless.pid: OK /home/wilcal/.bash_logout: OK...... ----------- SCAN SUMMARY ----------- Known viruses: 3800543 Engine version: 0.98.7 Scanned directories: 1 Scanned files: 17 Infected files: 0 Data scanned: 0.02 MB Data read: 0.01 MB (ratio 2.00:1) Time: 6.989 sec (0 m 6 s) [root@localhost clamav]# No problems found. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.26-1.mga4.x86_64 virtualbox-guest-additions-4.3.26-1.mga4.x86_64
Whiteboard: MGA4-32-OK => MGA4-32-OK MGA4-64-OK
This update works fine. Testing complete for mga4 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push this to updates. Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Nicely done Bill. Advisory from comment 4 and comment 5 uploaded. You can also use the eicar test file, which is just a text file but should be recognised by clamav. http://www.eicar.org/85-0-Download.html
Whiteboard: MGA4-32-OK MGA4-64-OK => has_procedure advisory MGA4-32-OK MGA4-64-OK
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0190.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/643130/
I tested this in MGA5 Beta 3 KDE Live DVD (NOT INSTALLED) Install OK, required reboot for glibc (skip it because i am from Live DVD) Scanned the entire File System Scanned the entire NTFS FileSystem Reported all OK After all OK, as root: freshclamd, this updated all the signature files and re-scanned both File Systems Is all OK
CC: (none) => neoser10