Bug 455373 (CVE-2008-3215)
Summary: | CVE-2008-3215 clamav: DoS / crash via crafted petite file (incomplete fix of CVE-2008-2713) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | redhat-bugzilla, rh-bugzilla, steve |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 0.93.3-1.fc9 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-07-17 14:15:39 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tomas Hoger
2008-07-15 07:06:55 UTC
Upstream patch, now applied in SVN: http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3920 AFAIK this is fixed since 0.93.3, isn't it? 39562 (clamav): Build on target fedora-4-epel succeeded. 39561 (clamav): Build on target fedora-5-epel succeeded. Yes, no problem for EPEL. Created this bug so that it can be referred from Bodhi update request for F-8/F-9. clamav-0.93.3-1.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update clamav'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-6338 clamav-0.93.3-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. clamav-0.92.1-3.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. CVE-2008-3215: libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713. |