Bug 9399 - Multiple vulnerabilities in ClamAV
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 2
Hardware: i586 Linux
Priority: Normal Severity: normal
Target Milestone: ---
Assigned To: QA Team
QA Contact: Sec team
Whiteboard: has_procedure mga2-64-ok mga2-32-ok
Keywords: validated_update

Reported: 2013-03-15 08:31 CET by Oden Eriksson
Modified: 2013-03-18 22:46 CET

Description Oden Eriksson 2013-03-15 08:31:38 CET
0.97.7
------
ClamAV 0.97.7 addresses several reported potential security bugs.  Thanks to
Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security
Team for finding and reporting these issues.

(that's all she wrote...)

Comment 1 Oden Eriksson 2013-03-15 08:34:45 CET
Updated to clamav-0.97.7 in svn for cauldron.
Comment 2 Oden Eriksson 2013-03-15 08:43:18 CET
Updated to clamav-0.97.7 for mga2/update_testing.
Comment 3 David Walser 2013-03-15 14:18:42 CET
Don't forget to assign this to QA if it's ready for testing.
Comment 4 Oden Eriksson 2013-03-15 16:01:41 CET
(In reply to David Walser from comment #3)
> Don't forget to assign this to QA if it's ready for testing.

Don't know why I always seem to forget.
Comment 5 David Walser 2013-03-15 16:22:36 CET
(In reply to Oden Eriksson from comment #4)
> (In reply to David Walser from comment #3)
> > Don't forget to assign this to QA if it's ready for testing.
> 
> Don't know why I always seem to forget.

You'll remember eventually.  Just assign to qa-bugs@ml.mageia.org when it's ready.
Comment 6 Oden Eriksson 2013-03-18 09:25:09 CET
Proposed advisory text:

ClamAV 0.97.7 addresses several reported potential security bugs.  Thanks to
Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security
Team for finding and reporting these issues.
Comment 7 Oden Eriksson 2013-03-18 09:29:53 CET
qateam: 

I found no PoCs or other information other than posted here. Usually the clamav security releases can be considered critical. If you want to wait for a CVE assignment you're too late.
Comment 8 claire robinson 2013-03-18 09:41:20 CET
You need to list rpm's too please Oden. QA need to know rpm's so we know what to test and srpm's so we know what to ask sysadmin to push.
Comment 9 Oden Eriksson 2013-03-18 10:09:18 CET
Ah.

Packages:

clamav-0.97.7-1.mga2.src.rpm

clamav-db-0.97.7-1.mga2.noarch.rpm
libclamav6-0.97.7-1.mga2.i586.rpm
clamd-0.97.7-1.mga2.i586.rpm
clamav-milter-0.97.7-1.mga2.i586.rpm
clamav-0.97.7-1.mga2.i586.rpm
libclamav-devel-0.97.7-1.mga2.i586.rpm
lib64clamav-devel-0.97.7-1.mga2.x86_64.rpm
clamav-milter-0.97.7-1.mga2.x86_64.rpm
clamav-0.97.7-1.mga2.x86_64.rpm
clamav-db-0.97.7-1.mga2.noarch.rpm
clamd-0.97.7-1.mga2.x86_64.rpm
lib64clamav6-0.97.7-1.mga2.x86_64.rpm
Comment 10 claire robinson 2013-03-18 11:46:55 CET
Testing complete mga2 64

# urpmi sendmail sendmail-cf
# nano /etc/mail/sendmail.mc

Edit and add the following line before the first MAILER line.

INPUT_MAIL_FILTER(`clamav-milter',`S=local:/var/lib/clamav/clamav-milter.socket,F=,T=S:4m;R:4m;E:10m')dnl

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Start the clamd, clamav-milter and sendmail services. Press Ctrl-C if sendmail seems to hang; it will be missing a proper FQDN but should have started.

Testing with eicar test string

# sendmail -t
To: "root" root
Subject: test sendmail with clamav-milter
MIME-Version: 1.0
Content-Type: text/plain

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.

Before
------
# grep quarantine /var/log/syslog
Mar 18 10:20:49 localhost sendmail[19109]: r2IAKngt019109: milter=clamav-milter, quarantine=quarantined by clamav-milter

# grep FOUND /var/log/clamav/clamd.log
fd[10]: Eicar-Test-Signature FOUND


After
-----
# grep quarantine /var/log/syslog
Mar 18 10:20:49 localhost sendmail[19109]: r2IAKngt019109: milter=clamav-milter, quarantine=quarantined by clamav-milter
Mar 18 10:36:58 localhost sendmail[20415]: r2IAawR1020415: milter=clamav-milter, quarantine=quarantined by clamav-milter

# grep FOUND /var/log/clamav/clamd.log
fd[10]: Eicar-Test-Signature FOUND
fd[10]: Eicar-Test-Signature FOUND

Also

# service freshclam start
Starting freshclam (via systemctl):                     [  OK  ]

# freshclam
ClamAV update process started at Mon Mar 18 10:45:41 2013
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 16867, sigs: 967606, f-level: 63, builder: ccordes)
bytecode.cld is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)
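
The before/after log comparison from comment 10, scripted as an added example; it is not part of the bug report or of any ClamAV or Mageia tooling. Function names are hypothetical, and the log formats and sample lines are the ones quoted in that comment.

```shell
#!/bin/sh
# Added example (not from the bug report): before/after check for the
# clamav-milter test in comment 10. Function names are hypothetical.

# Print sendmail queue IDs of messages quarantined by clamav-milter.
quarantined_ids() {    # $1 = syslog file
    awk '/milter=clamav-milter, quarantine=/ {
        for (i = 1; i < NF; i++)
            if ($i ~ /^sendmail\[[0-9]+\]:$/) { id = $(i + 1); sub(/:$/, "", id); print id }
    }' "$1"
}

# Queue IDs present in the "after" syslog but not in the "before" snapshot.
new_quarantines() {    # $1 = syslog before, $2 = syslog after
    old=$(mktemp) || return 1
    quarantined_ids "$1" > "$old"
    quarantined_ids "$2" | grep -v -x -F -f "$old" || true
    rm -f "$old"
}

# Number of clamd.log lines reporting the given signature as FOUND.
found_count() {        # $1 = clamd.log, $2 = signature name
    awk -v s=": $2 FOUND" 'index($0, s) { n++ } END { print n + 0 }' "$1"
}

# Pass only if the test mail produced both a new quarantine entry and a new
# clamd detection; an unchanged log means the filter did not see the message.
milter_test_passed() { # $1 $2 = syslog before/after, $3 $4 = clamd.log before/after
    new=$(( $(new_quarantines "$1" "$2" | wc -l) ))
    delta=$(( $(found_count "$4" Eicar-Test-Signature) - $(found_count "$3" Eicar-Test-Signature) ))
    [ "$new" -ge 1 ] && [ "$delta" -ge 1 ]
}

# Sample logs: the lines quoted in comment 10, written to directory $1.
write_sample_logs() {
    l1='Mar 18 10:20:49 localhost sendmail[19109]: r2IAKngt019109: milter=clamav-milter, quarantine=quarantined by clamav-milter'
    l2='Mar 18 10:36:58 localhost sendmail[20415]: r2IAawR1020415: milter=clamav-milter, quarantine=quarantined by clamav-milter'
    printf '%s\n' "$l1" > "$1/syslog.before"
    printf '%s\n' "$l1" "$l2" > "$1/syslog.after"
    printf '%s\n' 'fd[10]: Eicar-Test-Signature FOUND' > "$1/clamd.before"
    printf '%s\n' 'fd[10]: Eicar-Test-Signature FOUND' 'fd[10]: Eicar-Test-Signature FOUND' > "$1/clamd.after"
}
```

On a live system, copy /var/log/syslog and /var/log/clamav/clamd.log before sending the test message and pass those copies as the "before" files.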
Comment 11 claire robinson 2013-03-18 15:40:54 CET
Testing complete mga2 32

Using clamtk to find the 4 eicar test files from 
http://www.eicar.org/85-0-Download.html

Validating

Oden, please update the mgasa wiki page with links etc when the CVE becomes available.

Advisory
--------
ClamAV 0.97.7 addresses several reported potential security bugs.  Thanks to
Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security
Team for finding and reporting these issues.
--------

SRPM: clamav-0.97.7-1.mga2.src.rpm

Could sysadmin please push from core/updates_testing to core/updates

Thanks!
Comment 12 D Morgan 2013-03-18 22:46:18 CET
Update Pushed:
       https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0100
