Ubuntu has issued an advisory on September 28:
http://www.ubuntu.com/usn/usn-3093-1/

The issues are fixed upstream in 0.99.2, which is already in Cauldron.
Assigning to all packagers collectively, because the registered maintainer went to heaven.
CC: (none) => marja11
Assignee: bugsquad => pkg-bugs
Testing procedure - https://bugs.mageia.org/show_bug.cgi?id=15792#c6

Patched package uploaded for Mageia 5.

Advisory:
========================

Updated clamav package fixes security vulnerabilities:

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable (CVE-2016-1371).

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file (CVE-2016-1372).

libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document (CVE-2016-1405).

The clamav package has been updated to version 0.99.2, fixing these issues and other bugs. See the upstream release announcements for details.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1371
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1372
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1405
https://www.ubuntu.com/usn/usn-3093-1/
========================

Updated packages in core/updates_testing:
========================
clamav-0.99.2-1.mga5
clamav-debuginfo-0.99.2-1.mga5
clamav-milter-0.99.2-1.mga5
clamd-0.99.2-1.mga5
lib64clamav7-0.99.2-1.mga5
lib64clamav-devel-0.99.2-1.mga5

from clamav-0.99.2-1.mga5.src.rpm
CC: (none) => mrambo
Assignee: pkg-bugs => qa-bugs
Whiteboard: (none) => has_procedure

CC: (none) => davidwhodgins
Whiteboard: has_procedure => has_procedure advisory
Testing MGA5 x64 real HW

BEFORE the update. Installed:
clamav-0.99.1-1.2.mga5
clamav-db-0.99.1-1.2.mga5
clamav-milter-0.99.1-1.2.mga5
clamd-0.99.1-1.2.mga5
lib64clamav7-0.99.1-1.2.mga5

Without specifically starting clamd,

# freshclam
ClamAV update process started at Tue Nov 22 10:41:34 2016
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.1 Recommended version: 0.99.2
DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav

followed by a lot of output about failed connections, WARNINGs, including:

...
Downloading main.cvd [100%]
main.cvd updated (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
...
Downloading daily.cvd [100%]
daily.cvd updated (version: 22581, sigs: 908294, f-level: 63, builder: neo)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 284, sigs: 54, f-level: 63, builder: bbaker)
Database updated (5127138 signatures) from database.clamav.net (IP: 195.154.7.176)

Maybe I should have done sooner:

# systemctl start clamd.service
# systemctl status clamd.service
● clamd.service - Clam AntiVirus Daemon is a TCP/IP or unix domain
   Loaded: loaded (/usr/lib/systemd/system/clamd.service; enabled)
   Active: activating (start) since Maw 2016-11-22 12:38:01 CET; 21s ago
  Control: 15078 (clamd)
   CGroup: /system.slice/clamd.service
           └─15078 /usr/sbin/clamd --config-file=/etc/clamd.conf

# clamscan /home/lewis

yielded a lot of 'OK' output per file, ending with:

----------- SCAN SUMMARY -----------
Known viruses: 5121717
Engine version: 0.99.1
Scanned directories: 1
Scanned files: 27
Infected files: 0
Data scanned: 0.40 MB
Data read: 0.20 MB (ratio 1.96:1)
Time: 39.626 sec (0 m 39 s)

AFTER successful update to:
clamav-0.99.2-1.mga5
clamav-db-0.99.2-1.mga5
clamav-milter-0.99.2-1.mga5
clamd-0.99.2-1.mga5
lib64clamav7-0.99.2-1.mga5

# systemctl status clamd.service
● clamd.service - Clam AntiVirus Daemon is a TCP/IP or unix domain
   Loaded: loaded (/usr/lib/systemd/system/clamd.service; enabled)
   Active: active (running) since Maw 2016-11-22 12:48:35 CET; 6min ago
 Main PID: 23273 (clamd)
   CGroup: /system.slice/clamd.service
           └─23273 /usr/sbin/clamd --config-file=/etc/clamd.conf

# freshclam
ClamAV update process started at Tue Nov 22 12:56:00 2016
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Downloading daily-22582.cdiff [100%]
daily.cld updated (version: 22582, sigs: 908294, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 284, sigs: 54, f-level: 63, builder: bbaker)
Database updated (5127138 signatures) from database.clamav.net (IP: 46.29.125.16)
Clamd successfully notified about the update.

which is much better than at installation.

$ clamscan /home/lewis

gave identical per-file output as previously, to nominally identical summary:

----------- SCAN SUMMARY -----------
Known viruses: 5121717
Engine version: 0.99.2
Scanned directories: 1
Scanned files: 27
Infected files: 0
Data scanned: 0.46 MB
Data read: 0.23 MB (ratio 1.95:1)
Time: 36.761 sec (0 m 36 s)

Deem this update OK.
CC: (none) => lewyssmith
Whiteboard: has_procedure advisory => has_procedure advisory MGA5-64-OK
VirtualBox 32 bit instance. MGA 5.1

# uname -a
Linux localhost 4.4.30-desktop-2.mga5 #1 SMP Fri Nov 4 20:17:55 UTC 2016 i686 i686 i686 GNU/Linux

[root@localhost brian]# systemctl start clamd.service
[root@localhost brian]# systemctl status clamd.service
● clamd.service - Clam AntiVirus Daemon is a TCP/IP or unix domain
   Loaded: loaded (/usr/lib/systemd/system/clamd.service; enabled)
   Active: active (running) since Sat 2016-11-26 06:16:55 CST; 8s ago
  Process: 3292 ExecStart=/usr/sbin/clamd --config-file=/etc/clamd.conf (code=exited, status=0/SUCCESS)
 Main PID: 3301 (clamd)
   CGroup: /system.slice/clamd.service
           └─3301 /usr/sbin/clamd --config-file=/etc/clamd.conf

Nov 26 06:16:40 localhost clamd[3292]: LibClamAV Warning: *****************...**
Nov 26 06:16:40 localhost clamd[3292]: LibClamAV Warning: *** The virus da...**
Nov 26 06:16:40 localhost clamd[3292]: LibClamAV Warning: *** Please upda...**
Nov 26 06:16:40 localhost clamd[3292]: LibClamAV Warning: *****************...**
Hint: Some lines were ellipsized, use -l to show in full.

[root@localhost brian]# freshclam
ClamAV update process started at Sat Nov 26 06:18:56 2016
Empty script main-56.cdiff, need to download entire database
Downloading main.cvd [ 0%]

After a couple of restarts the system was able to reach the mirrors and get the ClamAV updates.

[root@localhost brian]# clamscan /home/brian/Music
<it listed out the files on the VM instance>

----------- SCAN SUMMARY -----------
Known viruses: 5141668
Engine version: 0.99.2
Scanned directories: 1
Scanned files: 28
Infected files: 0
Data scanned: 73.12 MB
Data read: 834.77 MB (ratio 0.09:1)
Time: 27.846 sec (0 m 27 s)

ClamAV seems to be working as designed.
CC: (none) => brtians1
Whiteboard: has_procedure advisory MGA5-64-OK => has_procedure advisory MGA5-64-OK MGA5-32-OK
Validated. Advisory already in place.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0402.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
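
The before/after comparison both testers made by eye (engine version and infected count in the clamscan SCAN SUMMARY) can be scripted. This is an added example, not part of the original thread or of ClamAV; the function names and the verdict strings are assumptions, and the sample summaries are constructed from the ones posted above.

```shell
#!/bin/sh
FIXED_VERSION="0.99.2"   # fixed upstream release named in the advisory above

# Print the value of one "Key: value" line from a scan summary on stdin.
summary_field() {
    sed -n "s/^$1:[[:space:]]*//p" | head -n 1
}

# Return 0 when dotted version $1 >= $2, comparing numerically per component.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop suffixes such as "-beta"
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# Read a summary on stdin; print ok, outdated, infected or unparsed.
check_summary() {
    summary=$(cat)
    engine=$(printf '%s\n' "$summary" | summary_field "Engine version")
    infected=$(printf '%s\n' "$summary" | summary_field "Infected files")
    if [ -z "$engine" ] || [ -z "$infected" ]; then echo unparsed
    elif ! version_ge "$engine" "$FIXED_VERSION"; then echo outdated
    elif [ "$infected" -ne 0 ]; then echo infected
    else echo ok
    fi
}

# Constructed samples, abridged from the before/after summaries in this thread.
BEFORE='----------- SCAN SUMMARY -----------
Known viruses: 5121717
Engine version: 0.99.1
Infected files: 0'
AFTER='----------- SCAN SUMMARY -----------
Known viruses: 5121717
Engine version: 0.99.2
Infected files: 0'

# Real use (not run here): clamscan /home/lewis | check_summary
printf 'before: %s\n' "$(printf '%s\n' "$BEFORE" | check_summary)"
printf 'after:  %s\n' "$(printf '%s\n' "$AFTER" | check_summary)"
```

The component-wise comparison matters because a plain string comparison would rank a later 0.100.x engine below 0.99.2.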