A security issue fixed upstream in ClamAV has been announced: http://openwall.com/lists/oss-security/2017/09/29/4 The message above contains a link to the commit that fixed the issue. Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Assignee: bugsquad => pkg-bugsCC: (none) => marja11
Suggested advisory: ======================== The updated packages fix a security vulnerability: A malformed xar file can cause an out of bounds heap read in clamav. References: ======================== http://openwall.com/lists/oss-security/2017/09/29/4 Updated packages in 5/core/updates_testing: ======================== clamav-0.99.2-1.2.mga5 clamd-0.99.2-1.2.mga5 clamav-milter-0.99.2-1.2.mga5 clamav-db-0.99.2-1.2.mga5 lib(64)clamav7-0.99.2-1.2.mga5 lib(64)clamav-devel-0.99.2-1.2.mga5 from SRPMS: clamav-0.99.2-1.2.mga5.src.rpm Updated packages in 6/core/updates_testing: ======================== clamav-0.99.2-2.3.mga6 clamd-0.99.2-2.3.mga6 clamav-milter-0.99.2-2.3.mga6 clamav-db-0.99.2-2.3.mga6 lib(64)clamav7-0.99.2-2.3.mga6 lib(64)clamav-devel-0.99.2-2.3.mga6 from SRPMS: clamav-0.99.2-2.3.mga6.src.rpm
Source RPM: clamav-0.99.2-4.mga7.src.rpm => clamav-0.99.2-2.2.mga6.src.rpmVersion: Cauldron => 6Status: NEW => ASSIGNEDWhiteboard: MGA6TOO, MGA5TOO => MGA5TOOCC: (none) => nicolas.salgueroAssignee: pkg-bugs => qa-bugs
MGA-32 on Asus A6000VM MATE No installation issues At CLI: $ clamscan -r Documenten/ LibClamAV Warning: ************************************************** LibClamAV Warning: *** The virus database is older than 7 days! *** LibClamAV Warning: *** Please update it as soon as possible. *** LibClamAV Warning: ************************************************** Documenten/javacode/helloworld.java: OK Documenten/javacode/helloworld.class: OK Documenten/javacode/helloworld$1.class: OK Documenten/graphmagi/after: OK and a lot more, then at the end: ----------- SCAN SUMMARY ----------- Known viruses: 4397722 Engine version: 0.99.2 Scanned directories: 3 Scanned files: 76 Infected files: 0 Data scanned: 45.14 MB Data read: 35.89 MB (ratio 1.26:1) Time: 46.398 sec (0 m 46 s) OK for me
CC: (none) => herman.viaeneWhiteboard: MGA5TOO => MGA5TOO MGA6-32-OK
In VirtualBox, M6, Plasma, 64-bit Package(s) under test: clamav clamav-db lib64clamav7 install clamav clamav-db & lib64clamav7 [root@localhost wilcal]# urpmi clamav Package clamav-0.99.2-2.2.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi clamav-db Package clamav-db-0.99.2-2.2.mga6.noarch is already installed [root@localhost wilcal]# urpmi lib64clamav7 Package lib64clamav7-0.99.2-2.2.mga6.x86_64 is already installed Update with freshclam ( takes awhile ) [root@localhost wilcal]# freshclam check clamav files: [root@localhost wilcal]# ls -al /var/lib/clamav total 341484 drwxrwxr-x 3 clamav clamav 4096 Oct 5 14:14 ./ drwxr-xr-x 51 root root 4096 Oct 5 14:10 ../ -rw-r--r-- 1 clamav clamav 150963 Oct 5 14:13 bytecode.cvd -rw-r--r-- 1 clamav clamav 42010405 Oct 5 14:13 daily.cvd -rw-r--r-- 1 clamav clamav 307499008 Oct 5 14:11 main.cld -rw------- 1 clamav clamav 364 Oct 5 14:14 mirrors.dat drwxr-xr-x 2 clamav clamav 4096 Aug 19 13:05 tmp/ scan /etc [root@localhost wilcal]# clamscan -r -i /etc ----------- SCAN SUMMARY ----------- Known viruses: 6306711 Engine version: 0.99.2 Scanned directories: 488 Scanned files: 2024 Infected files: 0 Data scanned: 50.72 MB Data read: 27.49 MB (ratio 1.85:1) Time: 22.689 sec (0 m 22 s) clamscan successful install clamav clamav-db & lib64clamav7 from updates_testing [root@localhost wilcal]# urpmi clamav Package clamav-0.99.2-2.3.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi clamav-db Package clamav-db-0.99.2-2.3.mga6.noarch is already installed [root@localhost wilcal]# urpmi lib64clamav7 Package lib64clamav7-0.99.2-2.3.mga6.x86_64 is already installed No need to update ( freshclam ) clamav db scan /var [wilcal@localhost ~]$ clamscan -r -i /var ----------- SCAN SUMMARY ----------- Known viruses: 6306711 Engine version: 0.99.2 Scanned directories: 214 Scanned files: 333 Infected files: 0 Total errors: 51 Data scanned: 351.20 MB Data read: 791.80 MB (ratio 0.44:1) Time: 45.094 sec (0 m 45 s) clamscan successful I had to rebuild the freshclam db to get the new version to use it. Minor wrinkle.
CC: (none) => wilcal.int
Whiteboard: MGA5TOO MGA6-32-OK => MGA5TOO MGA6-32-OK MGA6-64-OK
In VirtualBox, M5.1, KDE, 64-bit Package(s) under test: clamav clamav-db lib64clamav7 install clamav clamav-db & lib64clamav7 [root@localhost wilcal]# urpmi clamav Package clamav-0.99.2-1.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi clamav-db Package clamav-db-0.99.2-1.1.mga5.noarch is already installed [root@localhost wilcal]# urpmi lib64clamav7 Package lib64clamav7-0.99.2-1.1.mga5.x86_64 is already installed Update with freshclam ( takes awhile ) [root@localhost wilcal]# freshclam check clamav files: [root@localhost wilcal]# ls -al /var/lib/clamav total 341484 drwxrwxr-x 3 clamav clamav 4096 Oct 5 14:54 ./ drwxr-xr-x 44 root root 4096 Oct 5 14:47 ../ -rw-r--r-- 1 clamav clamav 150963 Oct 5 14:53 bytecode.cvd -rw-r--r-- 1 clamav clamav 42010405 Oct 5 14:53 daily.cvd -rw-r--r-- 1 clamav clamav 307499008 Oct 5 14:50 main.cld -rw------- 1 clamav clamav 468 Oct 5 14:54 mirrors.dat drwxr-xr-x 2 clamav clamav 4096 Aug 19 13:57 tmp/ scan /etc [root@localhost wilcal]# clamscan -r -i /etc ----------- SCAN SUMMARY ----------- Known viruses: 6306711 Engine version: 0.99.2 Scanned directories: 464 Scanned files: 1810 Infected files: 0 Data scanned: 41.75 MB Data read: 22.18 MB (ratio 1.88:1) Time: 18.247 sec (0 m 18 s) clamscan successful install clamav clamav-db & lib64clamav7 from updates_testing [root@localhost wilcal]# urpmi clamav Package clamav-0.99.2-1.2.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi clamav-db Package clamav-db-0.99.2-1.2.mga5.noarch is already installed [root@localhost wilcal]# urpmi lib64clamav7 Package lib64clamav7-0.99.2-1.2.mga5.x86_64 is already installed No need to update ( freshclam ) clamav db scan /var [root@localhost wilcal]# clamscan -r -i /var ----------- SCAN SUMMARY ----------- Known viruses: 6306711 Engine version: 0.99.2 Scanned directories: 274 Scanned files: 373 Infected files: 0 Data scanned: 502.08 MB Data read: 751.22 MB (ratio 0.67:1) Time: 68.540 sec (1 m 8 s) clamscan successful Rebuilt the freshclam db again
Whiteboard: MGA5TOO MGA6-32-OK MGA6-64-OK => MGA5TOO MGA6-32-OK MGA6-64-OK MGA5-64-OK
In VirtualBox, M5.1, KDE, 32-bit Package(s) under test: clamav clamav-db libclamav7 install clamav clamav-db & libclamav7 [root@localhost wilcal]# urpmi clamav Package clamav-0.99.2-1.1.mga5.i586 is already installed [root@localhost wilcal]# urpmi clamav-db Package clamav-db-0.99.2-1.1.mga5.noarch is already installed [root@localhost wilcal]# urpmi libclamav7 Package libclamav7-0.99.2-1.1.mga5.i586 is already installed Update with freshclam ( takes awhile ) [root@localhost wilcal]# freshclam check clamav files: [root@localhost wilcal]# ls -al /var/lib/clamav total 341484 drwxrwxr-x 3 clamav clamav 4096 Oct 5 16:28 ./ drwxr-xr-x 44 root root 4096 Oct 5 16:22 ../ -rw-r--r-- 1 clamav clamav 150963 Oct 5 16:26 bytecode.cvd -rw-r--r-- 1 clamav clamav 42010405 Oct 5 16:25 daily.cvd -rw-r--r-- 1 clamav clamav 307499008 Oct 5 15:49 main.cld -rw------- 1 clamav clamav 364 Oct 5 16:28 mirrors.dat drwxr-xr-x 2 clamav clamav 4096 Aug 19 13:57 tmp/ scan /etc [root@localhost wilcal]# clamscan -r -i /etc ----------- SCAN SUMMARY ----------- Known viruses: 6306711 Engine version: 0.99.2 Scanned directories: 464 Scanned files: 1810 Infected files: 0 Data scanned: 41.74 MB Data read: 22.18 MB (ratio 1.88:1) Time: 19.885 sec (0 m 19 s) clamscan successful install clamav clamav-db & libclamav7 from updates_testing [root@localhost wilcal]# urpmi clamav Package clamav-0.99.2-1.2.mga5.i586 is already installed [root@localhost wilcal]# urpmi clamav-db Package clamav-db-0.99.2-1.2.mga5.noarch is already installed [root@localhost wilcal]# urpmi libclamav7 Package libclamav7-0.99.2-1.2.mga5.i586 is already installed No need to update ( freshclam ) clamav db scan /var [root@localhost wilcal]# clamscan -r -i /var ----------- SCAN SUMMARY ----------- Known viruses: 6306711 Engine version: 0.99.2 Scanned directories: 271 Scanned files: 379 Infected files: 0 Data scanned: 486.41 MB Data read: 767.73 MB (ratio 0.63:1) Time: 82.387 sec (1 m 22 s) clamscan successful Rebuilt the freshclam db again
Whiteboard: MGA5TOO MGA6-32-OK MGA6-64-OK MGA5-64-OK => MGA5TOO MGA6-32-OK MGA6-64-OK MGA5-32-OK MGA5-64-OK
This update works fine. Testing complete for MGA6, 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push to updates. Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Advisoried; but no CVE.
Keywords: (none) => advisoryCC: (none) => lewyssmith
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0363.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED