9399 – Multiple vulnerabilities in ClamAV

Bug 9399 - Multiple vulnerabilities in ClamAV

Summary: Multiple vulnerabilities in ClamAV

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	2
Hardware:	i586 Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	has_procedure mga2-64-ok mga2-32-ok
Keywords:	validated_update

Depends on:
Blocks:

Reported:	2013-03-15 08:31 CET by Oden Eriksson
Modified:	2013-03-18 22:46 CET (History)
CC List:	2 users (show)

See Also:
Source RPM:
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Oden Eriksson 2013-03-15 08:31:38 CET

0.97.7
------
ClamAV 0.97.7 addresses several reported potential security bugs.  Thanks to
Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security
Team for finding and reporting these issues.

(that's all she wrote...)

Reproducible: 

Steps to Reproduce:

Comment 1 Oden Eriksson 2013-03-15 08:34:45 CET

Updated to clamav-0.97.7 in svn for cauldron.

Comment 2 Oden Eriksson 2013-03-15 08:43:18 CET

Updated to clamav-0.97.7 for mga2/update_testing.

Comment 3 David Walser 2013-03-15 14:18:42 CET

Don't forget to assign this to QA if it's ready for testing.

Comment 4 Oden Eriksson 2013-03-15 16:01:41 CET

(In reply to David Walser from comment #3)
> Don't forget to assign this to QA if it's ready for testing.

Don't know why i always seem to forget.

Comment 5 David Walser 2013-03-15 16:22:36 CET

(In reply to Oden Eriksson from comment #4)
> (In reply to David Walser from comment #3)
> > Don't forget to assign this to QA if it's ready for testing.
> 
> Don't know why i always seem to forget.

You'll remember eventually.  Just assign to qa-bugs@ml.mageia.org when it's ready.

Comment 6 Oden Eriksson 2013-03-18 09:25:09 CET

Proposed advisory text:

ClamAV 0.97.7 addresses several reported potential security bugs.  Thanks to
Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security
Team for finding and reporting these issues.

Comment 7 Oden Eriksson 2013-03-18 09:29:53 CET

qateam: 

I found no PoCs or other information other than posted here. Usually the clamav security releases can be considered critical. If you want to wait for a CVE assignment you're too late.

Assignee: bugsquad => qa-bugs

Comment 8 claire robinson 2013-03-18 09:41:20 CET

You need to list rpm's too please Oden. QA need to know rpm's so we know what to test and srpm's so we know what to ask sysadmin to push.

Comment 9 Oden Eriksson 2013-03-18 10:09:18 CET

Ah.

Packages:

clamav-0.97.7-1.mga2.src.rpm

clamav-db-0.97.7-1.mga2.noarch.rpm
libclamav6-0.97.7-1.mga2.i586.rpm
clamd-0.97.7-1.mga2.i586.rpm
clamav-milter-0.97.7-1.mga2.i586.rpm
clamav-0.97.7-1.mga2.i586.rpm
libclamav-devel-0.97.7-1.mga2.i586.rpm
lib64clamav-devel-0.97.7-1.mga2.x86_64.rpm
clamav-milter-0.97.7-1.mga2.x86_64.rpm
clamav-0.97.7-1.mga2.x86_64.rpm
clamav-db-0.97.7-1.mga2.noarch.rpm
clamd-0.97.7-1.mga2.x86_64.rpm
lib64clamav6-0.97.7-1.mga2.x86_64.rpm

Comment 10 claire robinson 2013-03-18 11:46:55 CET

Testing complete mga2 64

# urpmi sendmail sendmail-cf
# nano /etc/mail/sendmail.mc

Edit and add the following line in before the first MAILER line.

INPUT_MAIL_FILTER(`clamav-milter',`S=local:/var/lib/clamav/clamav-milter.socket,F=,T=S:4m;R:4m;E:10m')dnl

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

start clamd, clamav-milter, sendmail services. ctrl-c if sendmail seems to hang, it will be missing a proper fqdn but should have started.

Testing with eicar test string

# sendmail -t
To: "root" root
Subject: test sendmail with clamav-milter
MIME-Version: 1.0
Content-Type: text/plain

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.

Before
------
# grep quarantine /var/log/syslog
Mar 18 10:20:49 localhost sendmail[19109]: r2IAKngt019109: milter=clamav-milter, quarantine=quarantined by clamav-milter

# grep FOUND /var/log/clamav/clamd.log
fd[10]: Eicar-Test-Signature FOUND


After
-----
# grep quarantine /var/log/syslog
Mar 18 10:20:49 localhost sendmail[19109]: r2IAKngt019109: milter=clamav-milter, quarantine=quarantined by clamav-milter
Mar 18 10:36:58 localhost sendmail[20415]: r2IAawR1020415: milter=clamav-milter, quarantine=quarantined by clamav-milter

# grep FOUND /var/log/clamav/clamd.log
fd[10]: Eicar-Test-Signature FOUND
fd[10]: Eicar-Test-Signature FOUND

Also

# service freshclam start
Starting freshclam (via systemctl):                     [  OK  ]

# freshclam
ClamAV update process started at Mon Mar 18 10:45:41 2013
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 16867, sigs: 967606, f-level: 63, builder: ccordes)
bytecode.cld is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)

Whiteboard: (none) => has_procedure mga2-64-ok

Comment 11 claire robinson 2013-03-18 15:40:54 CET

Testing complete mga2 32

Using clamtk to find the 4 eicar test files from 
http://www.eicar.org/85-0-Download.html

Validating

Oden, please update the mgasa wiki page with links etc when the CVE becomes available.

Advisory
--------
ClamAV 0.97.7 addresses several reported potential security bugs.  Thanks to
Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security
Team for finding and reporting these issues.
--------

SRPM: clamav-0.97.7-1.mga2.src.rpm

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update
Whiteboard: has_procedure mga2-64-ok => has_procedure mga2-64-ok mga2-32-ok
CC: (none) => sysadmin-bugs

Comment 12 D Morgan 2013-03-18 22:46:18 CET

Update Pushed:
       https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0100

Status: NEW => RESOLVED
CC: (none) => dmorganec
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.