rpms/clamav/F-9 clamav-0.93.3-CVE-2008-1389.diff, NONE, 1.1 clamav-0.93.3-CVE-2008-3912.diff, NONE, 1.1 clamav-0.93.3-CVE-2008-3913.diff, NONE, 1.1 clamav-0.93.3-CVE-2008-3914.diff, NONE, 1.1 clamav-0.93.3-CVE-2008-5050.diff, NONE, 1.1 clamav.spec, 1.74, 1.75
Tomas Hoger
thoger at fedoraproject.org
Thu Nov 13 18:34:17 UTC 2008
Author: thoger
Update of /cvs/pkgs/rpms/clamav/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15472/F-9
Modified Files:
clamav.spec
Added Files:
clamav-0.93.3-CVE-2008-1389.diff
clamav-0.93.3-CVE-2008-3912.diff
clamav-0.93.3-CVE-2008-3913.diff
clamav-0.93.3-CVE-2008-3914.diff
clamav-0.93.3-CVE-2008-5050.diff
Log Message:
Backport security fixes from 0.94 and 0.94.1
CVE-2008-1389 (F9 only), CVE-2008-3912, CVE-2008-3913, CVE-2008-3914, CVE-2008-5050
clamav-0.93.3-CVE-2008-1389.diff:
--- NEW FILE clamav-0.93.3-CVE-2008-1389.diff ---
Fix for CVE-2008-1389, applied upstream in 0.94
svn diff -c 4157 http://svn.clamav.net/svn/clamav-devel/trunk/
diff -pruN clamav-0.93.3.orig/libclamav/chmunpack.c clamav-0.93.3/libclamav/chmunpack.c
--- clamav-0.93.3.orig/libclamav/chmunpack.c 2008-04-07 11:18:42.000000000 +0200
+++ clamav-0.93.3/libclamav/chmunpack.c 2008-11-13 17:50:49.000000000 +0100
@@ -449,7 +449,7 @@ static int read_chunk(chm_metadata_t *me
cli_dbgmsg("in read_chunk\n");
if (metadata->itsp_hdr.block_len < 8 || metadata->itsp_hdr.block_len > 33554432) {
- return FALSE;
+ return CL_EFORMAT;
}
if (metadata->m_area != NULL) {
@@ -911,7 +911,9 @@ int cli_chm_open(int fd, const char *dir
cli_dbgmsg("read_chunk failed");
goto abort;
}
- read_control_entries(metadata);
+ if (read_control_entries(metadata) == FALSE) {
+ goto abort;
+ }
metadata->num_chunks--;
metadata->chunk_offset += metadata->itsp_hdr.block_len;
}
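Review bot: The new check in cli_chm_open tests `read_control_entries(metadata) == FALSE`, while the first hunk moves read_chunk from `FALSE` to a `CL_*` code, so two adjacent helpers now report failure in different conventions. The bug fixed in read_chunk looks like the same kind of mix-up, since `FALSE` and ClamAV's `CL_SUCCESS` are both 0. A one-line comment on each helper stating its return contract would keep the next caller from repeating it. The new `goto abort` is also silent, unlike the read_chunk failure just above it; consider `cli_dbgmsg("cli_chm_open: read_control_entries failed\n");` before the jump. The body of cli_chm_open continues outside this hunk.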
clamav-0.93.3-CVE-2008-3912.diff:
--- NEW FILE clamav-0.93.3-CVE-2008-3912.diff ---
Fix for CVE-2008-3912, applied upstream in 0.94
svn diff -c 4158 http://svn.clamav.net/svn/clamav-devel/trunk/
diff -pruN clamav-0.93.3.orig/libclamav/mbox.c clamav-0.93.3/libclamav/mbox.c
--- clamav-0.93.3.orig/libclamav/mbox.c 2008-06-04 14:13:34.000000000 +0200
+++ clamav-0.93.3/libclamav/mbox.c 2008-11-13 18:10:37.000000000 +0100
@@ -1463,6 +1463,8 @@ cli_parse_mbox(const char *dir, int desc
}
}
+ if(body->isTruncated && retcode == CL_SUCCESS)
+ retcode = CL_EMEM;
/*
* Tidy up and quit
*/
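Review bot: `body->isTruncated` is dereferenced unconditionally at the added line in cli_parse_mbox, and the hunk does not show whether `body` is guaranteed non-NULL at this point. Since this patch exists to remove out-of-memory NULL dereferences, it is worth confirming that no path (for example a failed parse that leaves `body` NULL) reaches this statement. If one can, write the test as `if(body && body->isTruncated && retcode == CL_SUCCESS)`. The rest of the function lies outside the hunk, so this is a question to check against the full source rather than a confirmed defect.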
@@ -1639,6 +1641,11 @@ parseEmailFile(FILE *fin, const table_t
}
fullline = cli_strdup(line);
fulllinelength = strlen(line) + 1;
+ if(!fullline) {
+ if(ret)
+ ret->isTruncated = TRUE;
+ break;
+ }
} else if(line != NULL) {
fulllinelength += strlen(line);
ptr = cli_realloc(fullline, fulllinelength);
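Review bot: Only the `cli_strdup` failure is marked as truncation here; the sibling `cli_realloc(fullline, fulllinelength)` branch directly below is an allocation that can fail the same way, and its handling lies outside the hunk. If that path does not also set `ret->isTruncated = TRUE`, an out-of-memory condition there would still be reported to cli_parse_mbox as a clean parse. Separately, when `ret` is NULL the new code breaks out without recording the failure anywhere, so the caller cannot tell a truncated message from a complete one. Moving `fulllinelength = strlen(line) + 1;` below the NULL check would also make the success path easier to read.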
diff -pruN clamav-0.93.3.orig/libclamav/message.c clamav-0.93.3/libclamav/message.c
--- clamav-0.93.3.orig/libclamav/message.c 2008-04-14 21:03:06.000000000 +0200
+++ clamav-0.93.3/libclamav/message.c 2008-11-13 18:10:37.000000000 +0100
@@ -1819,14 +1819,13 @@ messageToText(message *m)
for(t_line = messageGetBody(m); t_line; t_line = t_line->t_next) {
if(first == NULL)
first = last = cli_malloc(sizeof(text));
- else {
+ else if (last) {
last->t_next = cli_malloc(sizeof(text));
last = last->t_next;
}
if(last == NULL) {
if(first) {
- last->t_next = NULL;
textDestroy(first);
}
return NULL;
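Review bot: The `else if (last)` guard skips the append when `last` is NULL instead of handling the failure, so it is only safe where a `last == NULL` test follows immediately. That is the case in this hunk, but in the two later messageToText hunks (at -1886 and -1924) the code after the guard is not visible. Confirm each is followed by the same check before anything writes through `last`. It would also help to put a short comment above the first allocation such as `/* last == NULL means the previous cli_malloc failed; the list is still NULL-terminated */`, since textDestroy(first) relies on the tail's `t_next` having been set by the failed assignment.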
@@ -1840,7 +1839,8 @@ messageToText(message *m)
case UUENCODE:
cli_errmsg("messageToText: Unexpected attempt to handle uuencoded file - report to http://bugs.clamav.net\n");
if(first) {
- last->t_next = NULL;
+ if(last)
+ last->t_next = NULL;
textDestroy(first);
}
return NULL;
@@ -1850,7 +1850,8 @@ messageToText(message *m)
if(t_line == NULL) {
/*cli_warnmsg("YENCODED attachment is missing begin statement\n");*/
if(first) {
- last->t_next = NULL;
+ if(last)
+ last->t_next = NULL;
textDestroy(first);
}
return NULL;
@@ -1886,7 +1887,7 @@ messageToText(message *m)
if(first == NULL)
first = last = cli_malloc(sizeof(text));
- else {
+ else if (last) {
last->t_next = cli_malloc(sizeof(text));
last = last->t_next;
}
@@ -1924,7 +1925,7 @@ messageToText(message *m)
if(decode(m, NULL, data, base64, FALSE) && data[0]) {
if(first == NULL)
first = last = cli_malloc(sizeof(text));
- else {
+ else if (last) {
last->t_next = cli_malloc(sizeof(text));
last = last->t_next;
}
diff -pruN clamav-0.93.3.orig/libclamav/message.h clamav-0.93.3/libclamav/message.h
--- clamav-0.93.3.orig/libclamav/message.h 2008-04-02 22:17:27.000000000 +0200
+++ clamav-0.93.3/libclamav/message.h 2008-11-13 18:10:37.000000000 +0100
@@ -46,6 +46,7 @@ typedef struct message {
char base64_1, base64_2, base64_3;
unsigned int isInfected : 1;
+ unsigned int isTruncated : 1;
} message;
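Review bot: The new `isTruncated` bit has no comment and its initial value depends on how `message` objects are created, which this hunk does not show. cli_parse_mbox now turns a set bit into `CL_EMEM`, so a message allocated without zeroing would produce spurious errors or miss real ones; confirm the constructor clears the struct. Suggested comment on the field: `/* set when parsing stopped early because an allocation failed */`.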
clamav-0.93.3-CVE-2008-3913.diff:
--- NEW FILE clamav-0.93.3-CVE-2008-3913.diff ---
Fix for CVE-2008-3913, applied upstream in 0.94
svn diff -c 4126 http://svn.clamav.net/svn/clamav-devel/trunk/
diff -pruN clamav-0.93.3.orig/freshclam/manager.c clamav-0.93.3/freshclam/manager.c
--- clamav-0.93.3.orig/freshclam/manager.c 2008-07-03 14:27:00.000000000 +0200
+++ clamav-0.93.3/freshclam/manager.c 2008-11-13 18:55:34.000000000 +0100
@@ -325,6 +325,7 @@ static char *proxyauth(const char *user,
buf[len] = '\0';
auth = malloc(strlen(buf) + 30);
if(!auth) {
+ free(buf);
logg("!proxyauth: Can't allocate memory for 'authorization'\n");
return NULL;
}
@@ -357,8 +358,10 @@ static struct cl_cvd *remote_cvdhead(con
if(user) {
authorization = proxyauth(user, pass);
- if(!authorization)
+ if(!authorization) {
+ free(remotename);
return NULL;
+ }
}
}
@@ -522,8 +525,10 @@ static int getfile(const char *srcfile,
if(user) {
authorization = proxyauth(user, pass);
- if(!authorization)
+ if(!authorization) {
+ free(remotename);
return 75; /* FIXME */
+ }
}
}
@@ -546,6 +551,12 @@ static int getfile(const char *srcfile,
"Connection: close\r\n"
"\r\n", (remotename != NULL) ? remotename : "", srcfile, hostname, (authorization != NULL) ? authorization : "", agent);
+ if(remotename)
+ free(remotename);
+
+ if(authorization)
+ free(authorization);
+
memset(ipaddr, 0, sizeof(ipaddr));
if(ip[0]) /* use ip to connect */
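Review bot: `remotename` and `authorization` are now freed right after the request is formatted, but both pointers keep their old values for the rest of getfile, so any later use or second free in code outside this hunk would touch freed memory. Resetting them closes that off: `free(remotename); remotename = NULL;` and `free(authorization); authorization = NULL;`. The `if(...)` guards are unnecessary because `free(NULL)` is a no-op. `authorization` appears to hold the proxy credentials header, so clearing it before release is worth considering if the project has a helper for that.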
@@ -568,12 +579,6 @@ static int getfile(const char *srcfile,
return 52;
}
- if(remotename)
- free(remotename);
-
- if(authorization)
- free(authorization);
-
/* read http headers */
ch = buffer;
i = 0;
clamav-0.93.3-CVE-2008-3914.diff:
--- NEW FILE clamav-0.93.3-CVE-2008-3914.diff ---
Fix for CVE-2008-3914, applied upstream in 0.94
svn diff -c 4123 http://svn.clamav.net/svn/clamav-devel/trunk/
svn diff -c 4124 http://svn.clamav.net/svn/clamav-devel/trunk/
Invalid fd close, not really part of the CVE
svn diff -c 4125 http://svn.clamav.net/svn/clamav-devel/trunk/
diff -pruN clamav-0.93.3.orig/libclamav/others.c clamav-0.93.3/libclamav/others.c
--- clamav-0.93.3.orig/libclamav/others.c 2008-07-07 13:06:30.000000000 +0200
+++ clamav-0.93.3/libclamav/others.c 2008-11-13 19:02:13.000000000 +0100
@@ -799,8 +799,11 @@ int cli_filecopy(const char *src, const
return -1;
}
- if(!(buffer = cli_malloc(FILEBUFF)))
+ if(!(buffer = cli_malloc(FILEBUFF))) {
+ close(s);
+ close(d);
return -1;
+ }
while((bytes = cli_readn(s, buffer, FILEBUFF)) > 0)
cli_writen(d, buffer, bytes);
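Review bot: The copy loop right after the new error path still ignores the result of `cli_writen(d, buffer, bytes)`, so a short or failed write (full disk, quota) lets cli_filecopy continue. Depending on the return statement outside this hunk, it may then report success for an incomplete copy. Since this patch is already tidying the error paths here, the loop could check `cli_writen(d, buffer, bytes) != bytes` and take the same close-and-return route, freeing `buffer` as well. A read error from `cli_readn` (negative `bytes`) also ends the loop without being distinguished from end of file.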
diff -pruN clamav-0.93.3.orig/libclamav/sis.c clamav-0.93.3/libclamav/sis.c
--- clamav-0.93.3.orig/libclamav/sis.c 2008-04-02 22:17:27.000000000 +0200
+++ clamav-0.93.3/libclamav/sis.c 2008-11-13 19:02:13.000000000 +0100
@@ -506,6 +506,7 @@ static int real_scansis(FILE *f, cli_ctx
return CL_EIO;
}
if (cli_writen(fd, decomp, olen)!=(int)olen) {
+ close(fd);
free(decomp);
free(ptrs);
free(alangs);
diff -pruN clamav-0.93.3.orig/shared/tar.c clamav-0.93.3/shared/tar.c
--- clamav-0.93.3.orig/shared/tar.c 2008-05-27 13:45:19.000000000 +0200
+++ clamav-0.93.3/shared/tar.c 2008-11-13 19:02:13.000000000 +0100
@@ -60,10 +60,8 @@ int tar_addfile(int fd, gzFile *gzs, con
unsigned int i, chksum = 0;
- if((s = open(file, O_RDONLY|O_BINARY)) == -1) {
- close(s);
+ if((s = open(file, O_RDONLY|O_BINARY)) == -1)
return -1;
- }
if(fstat(s, &sb) == -1) {
close(s);
clamav-0.93.3-CVE-2008-5050.diff:
--- NEW FILE clamav-0.93.3-CVE-2008-5050.diff ---
Fix for CVE-2008-5050, applied upstream in 0.94.1
svn diff -c 4311 http://svn.clamav.net/svn/clamav-devel/
diff -pruN clamav-0.93.3.orig/libclamav/vba_extract.c clamav-0.93.3/libclamav/vba_extract.c
--- clamav-0.93.3.orig/libclamav/vba_extract.c 2008-05-27 13:44:35.000000000 +0200
+++ clamav-0.93.3/libclamav/vba_extract.c 2008-11-13 19:14:18.000000000 +0100
@@ -107,7 +107,7 @@ get_unicode_name(const char *name, int s
if((name == NULL) || (*name == '\0') || (size <= 0))
return NULL;
- newname = (char *)cli_malloc(size * 7);
+ newname = (char *)cli_malloc(size * 7 + 1);
if(newname == NULL)
return NULL;
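Review bot: `size * 7 + 1` is computed in `int`, and the only visible bound on `size` is `size <= 0`, so a large enough value overflows before the allocation and the buffer can end up smaller than the loop that fills it expects. A guard such as `if(size > (INT_MAX - 1) / 7) return NULL;` before the `cli_malloc` call would make the arithmetic safe regardless of what callers pass. The constants also deserve a comment, e.g. `/* up to 7 output bytes per input byte, plus the terminating NUL */`, if that is indeed what the expansion loop outside this hunk produces. The cast on the `cli_malloc` result is unnecessary in C.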
Index: clamav.spec
===================================================================
RCS file: /cvs/pkgs/rpms/clamav/F-9/clamav.spec,v
retrieving revision 1.74
retrieving revision 1.75
diff -u -r1.74 -r1.75
--- clamav.spec 13 Jul 2008 19:27:56 -0000 1.74
+++ clamav.spec 13 Nov 2008 18:33:47 -0000 1.75
@@ -19,7 +19,7 @@
Summary: End-user tools for the Clam Antivirus scanner
Name: clamav
Version: 0.93.3
-Release: %release_func 1%{?snapshot:.%snapshot}
+Release: %release_func 2%{?snapshot:.%snapshot}
License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
Group: Applications/File
@@ -46,6 +46,14 @@
Patch24: clamav-0.92-private.patch
Patch25: clamav-0.92-open.patch
Patch26: clamav-0.93.3-pid.patch
+# security patches
+# 0.94
+Patch30: clamav-0.93.3-CVE-2008-1389.diff
+Patch31: clamav-0.93.3-CVE-2008-3912.diff
+Patch32: clamav-0.93.3-CVE-2008-3913.diff
+Patch33: clamav-0.93.3-CVE-2008-3914.diff
+# 0.94.1
+Patch34: clamav-0.93.3-CVE-2008-5050.diff
BuildRoot: %_tmppath/%name-%version-%release-root
Requires: clamav-lib = %version-%release
Requires: data(clamav)
@@ -259,6 +267,13 @@
%patch25 -p1 -b .open
%patch26 -p1 -b .pid
+# security patches
+%patch30 -p1 -b .CVE-2008-1389
+%patch31 -p1 -b .CVE-2008-3912
+%patch32 -p1 -b .CVE-2008-3913
+%patch33 -p1 -b .CVE-2008-3914
+%patch34 -p1 -b .CVE-2008-5050
+
install -p -m0644 %SOURCE300 clamav-milter/
mkdir -p libclamunrar{,_iface}
@@ -548,9 +563,18 @@
%changelog
+* Thu Nov 13 2008 Tomas Hoger <thoger at redhat.com> - 0.93.3-2
+- Security update - backport security fixes from 0.94:
+ CVE-2008-1389 (#461461): Invalid memory access in the CHM unpacker
+ CVE-2008-3912 (#461461): Multiple out-of-memory NULL pointer dereferences
+ CVE-2008-3913 (#461461): Fix memory leak in the error code path in freshclam
+ CVE-2008-3914 (#461461): Multiple file descriptor leaks on the error code path
+- Security update - backport security fixes from 0.94.1:
+ CVE-2008-5050 (#470783): get_unicode_name() off-by-one buffer overflow
+
* Sun Jul 13 2008 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.93.3-1
-- updated to 0.93.3; another fix for CVE-2008-2713 (out-of-bounds read
- on petite files)
+- updated to 0.93.3; improved fix for CVE-2008-2713 (out-of-bounds read
+ on petite files) - CVE-2008-3215
- put pid instead of pgrp into pidfile of clamav-milter (bz #452359)
* Tue Jun 17 2008 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.93.1-1