Bug 1539030 - CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380
Summary: CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CV...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: clamav
Version: epel7
Hardware: All
OS: Linux
unspecified
urgent
Target Milestone: ---
Assignee: Robert Scheck
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-01-26 13:02 UTC by Ruben Püttmann
Modified: 2018-03-02 16:02 UTC (History)
12 users (show)

Fixed In Version: clamav-0.99.3-1.el7 clamav-0.99.3-8.el6
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-03-02 16:02:51 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Ruben Püttmann 2018-01-26 13:02:25 UTC 
Description of problem:


Seven CVE's in current clamav (EPEL7 EPEL6) please update urgent to:

ClamAV 0.99.3

Please see: 

http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
Comment 1 customercare 2018-01-26 23:08:34 UTC 
Info:

0.99.3. Build is ready.

We installed it on serveral servers, 
no problems yet.
Comment 2 customercare 2018-01-26 23:09:20 UTC 
Architecture used:

X86_64 + i686 packages.
Comment 3 Fedora Update System 2018-01-27 01:41:36 UTC 
clamav-0.99.3-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-685990fa70
Comment 4 Fedora Update System 2018-01-27 01:43:13 UTC 
clamav-0.99.3-1.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-369a48191f
Comment 5 customercare 2018-01-27 09:22:27 UTC 
First Bugreport from Fedora 26 X86_64 

Server was not able to start clamd after a reboot (4:34 am)

Jan 27 04:05:29 s113 clamd[29825]: SelfCheck: Database status OK.
Jan 27 04:15:30 s113 clamd[29825]: SelfCheck: Database status OK.
Jan 27 04:25:30 s113 clamd[29825]: SelfCheck: Database status OK.
Jan 27 04:31:22 s113 systemd[1]: Stopping Clamd Exim An Interface Between MTA And Content Checkers...
Jan 27 04:31:23 s113 clamd[29825]: Pid file removed.
Jan 27 04:31:23 s113 clamd[29825]: --- Stopped at Sat Jan 27 04:31:23 2018
Jan 27 04:31:23 s113 clamd[29825]: Socket file removed.
Jan 27 04:31:23 s113 systemd[1]: Stopped Clamd Exim An Interface Between MTA And Content Checkers.
Jan 27 04:34:06 s113 systemd[1]: Starting Clamd Exim An Interface Between MTA And Content Checkers...
Jan 27 04:34:08 s113 clamd[739]: Received 0 file descriptor(s) from systemd.
Jan 27 04:34:08 s113 clamd[739]: clamd daemon 0.99.3 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jan 27 04:34:08 s113 clamd[739]: Running as user exim (UID 93, GID 93)
Jan 27 04:34:08 s113 clamd[739]: Log file size limited to 1048576 bytes.
Jan 27 04:34:08 s113 clamd[739]: Reading databases from /var/lib/clamav
Jan 27 04:34:08 s113 clamd[739]: Not loading PUA signatures.
Jan 27 04:34:08 s113 clamd[739]: Bytecode: Security mode set to "TrustSigned".
Jan 27 04:35:36 s113 systemd[1]: clamd.exim.service: Start operation timed out. Terminating.
Jan 27 04:35:36 s113 systemd[1]: Failed to start Clamd Exim An Interface Between MTA And Content Checkers.
Jan 27 04:35:36 s113 systemd[1]: clamd.exim.service: Unit entered failed state.
Jan 27 04:35:36 s113 systemd[1]: clamd.exim.service: Failed with result 'timeout'.

After i started it by hand, it complained about a duplicate database :

Jan 27 10:14:40 s113 systemd[1]: Starting Clamd Exim An Interface Between MTA And Content Checkers...
Jan 27 10:14:41 s113 clamd[7710]: Received 0 file descriptor(s) from systemd.
Jan 27 10:14:41 s113 clamd[7710]: clamd daemon 0.99.3 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jan 27 10:14:41 s113 clamd[7710]: Running as user exim (UID 93, GID 93)
Jan 27 10:14:41 s113 clamd[7710]: Log file size limited to 1048576 bytes.
Jan 27 10:14:41 s113 clamd[7710]: Reading databases from /var/lib/clamav
Jan 27 10:14:41 s113 clamd[7710]: Not loading PUA signatures.
Jan 27 10:14:41 s113 clamd[7710]: Bytecode: Security mode set to "TrustSigned".
Jan 27 10:14:55 s113 clamd[7710]: LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them
Jan 27 10:14:56 s113 clamd[7710]: LibClamAV Warning: Detected duplicate databases /var/lib/clamav/bytecode.cvd and /var/lib/clamav/bytecode.cld, please manually remove one of them
Jan 27 10:14:56 s113 clamd[7710]: Loaded 6397212 signatures.
Jan 27 10:14:58 s113 clamd[7710]: LOCAL: Unix socket file /var/run/clamd.exim/clamd.sock
Jan 27 10:14:58 s113 clamd[7710]: LOCAL: Setting connection queue length to 200
Jan 27 10:14:58 s113 clamd[7715]: Limits: Global size limit set to 104857600 bytes.
Jan 27 10:14:58 s113 clamd[7715]: Limits: File size limit set to 26214400 bytes.
Jan 27 10:14:58 s113 clamd[7715]: Limits: Recursion level limit set to 16.
Jan 27 10:14:58 s113 clamd[7715]: Limits: Files limit set to 10000.
Jan 27 10:14:58 s113 clamd[7715]: Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Jan 27 10:14:58 s113 clamd[7715]: Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Jan 27 10:14:58 s113 clamd[7715]: Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Jan 27 10:14:58 s113 clamd[7715]: Limits: MaxScriptNormalize limit set to 5242880 bytes.
Jan 27 10:14:58 s113 clamd[7715]: Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Jan 27 10:14:58 s113 clamd[7715]: Limits: MaxPartitions limit set to 50.
Jan 27 10:14:58 s113 clamd[7715]: Limits: MaxIconsPE limit set to 100.
Jan 27 10:14:58 s113 clamd[7715]: Limits: MaxRecHWP3 limit set to 16.
Jan 27 10:14:58 s113 clamd[7715]: Limits: PCREMatchLimit limit set to 10000.
Jan 27 10:14:58 s113 clamd[7715]: Limits: PCRERecMatchLimit limit set to 5000.
Jan 27 10:14:58 s113 clamd[7715]: Limits: PCREMaxFileSize limit set to 26214400.
Jan 27 10:14:58 s113 clamd[7715]: Archive support enabled.
Jan 27 10:14:58 s113 clamd[7715]: Algorithmic detection enabled.
Jan 27 10:14:58 s113 clamd[7715]: Portable Executable support enabled.
Jan 27 10:14:58 s113 clamd[7715]: ELF support enabled.
Jan 27 10:14:58 s113 clamd[7715]: Mail files support enabled.
Jan 27 10:14:58 s113 clamd[7715]: OLE2 support enabled.
Jan 27 10:14:58 s113 clamd[7715]: PDF support enabled.
Jan 27 10:14:58 s113 clamd[7715]: SWF support enabled.
Jan 27 10:14:58 s113 clamd[7715]: HTML support enabled.
Jan 27 10:14:58 s113 clamd[7715]: XMLDOCS support enabled.
Jan 27 10:14:58 s113 clamd[7715]: HWP3 support enabled.
Jan 27 10:14:58 s113 clamd[7715]: Self checking every 600 seconds.
Jan 27 10:15:00 s113 systemd[1]: Started Clamd Exim An Interface Between MTA And Content Checkers.
Comment 6 customercare 2018-01-27 09:25:13 UTC 
-rw-r--r-- 1 clamupdate clamupdate    766976 10. Dez 04:25 bytecode.cld
-rw-r--r-- 1 clamupdate clamupdate    153228  9. Jan 01:24 bytecode.cvd
-rw-r--r-- 1 clamupdate clamupdate 131275264 27. Jan 03:01 daily.cld
-rw-r--r-- 1 clamupdate clamupdate 307499008 10. Dez 04:24 main.cld
-rw-r--r-- 1 clamupdate clamupdate 117892267  9. Jan 01:28 main.cvd
-rw------- 1 clamupdate clamupdate      2236 27. Jan 10:24 mirrors.dat

i removed the .cld files, they don't look right in my eyes.
Comment 7 Sergio Basto 2018-01-27 19:07:32 UTC 
For moments tough that was a bad update of .cvd files and I unpush epel7 0.99.2-18 build.
But "Detected duplicate databases" is usual and not a problem, .cvd and .cld files are supposed to be identical, so yes you would use one or the other. cvd is a compressed file and cld is not. daily.cvd is from clamav-data and daily.cld is downloaded with clamav-update and they are marked as ghostfiles in clamav.spec (for package clamav-update) i.e. file is empty in package , so must be downloaded .
In short if you update databases you should remove .cvd (rm *cvd) you may also do: dnf install clamav-data-empty --allowerasing


2nd thing you mention that you started the service manually, but  now start , stop and restart works well ?  maybe it is just because service changed the type ... .
Comment 8 Fedora Update System 2018-01-28 22:09:57 UTC 
clamav-0.99.3-1.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-369a48191f
Comment 9 Fedora Update System 2018-01-28 22:10:14 UTC 
clamav-0.99.3-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-685990fa70
Comment 10 Fedora Update System 2018-01-29 17:30:25 UTC 
clamav-0.99.3-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2018-02-15 01:38:43 UTC 
clamav-0.99.3-8.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-be69c94866
Comment 12 Fedora Update System 2018-02-15 14:49:12 UTC 
clamav-0.99.3-8.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-be69c94866
Comment 13 Fedora Update System 2018-03-02 16:02:51 UTC 
clamav-0.99.3-8.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.