Bug 240395 - (CVE-2007-2650) CVE-2007-2650: clamav OLE2 parser DoS
Product: Fedora
Classification: Fedora
Component: clamav
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Enrico Scholz
QA Contact: Fedora Extras Quality Assurance
Keywords: Reopened, Security
Reported: 2007-05-17 03:37 EDT by Ville Skyttä
Modified: 2007-11-30 17:12 EST
Fixed In Version: 0.90.3-1.fc7
Doc Type: Bug Fix
Last Closed: 2007-07-19 12:45:36 EDT
Description Ville Skyttä 2007-05-17 03:37:52 EDT

"The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a
denial of service (resource consumption) via an OLE2 file with (1) a large
property size or (2) a loop in the FAT file block chain that triggers an
infinite loop, as demonstrated via a crafted DOC file."

Affected versions unknown.
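
The two conditions named in the description, as an added illustration (not ClamAV's code and not the upstream fix): a parser that follows a FAT sector chain can reject both a declared property size larger than the file can hold and a chain that revisits a sector. The helper name `check_chain`, the status codes and the sample tables are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ENDOFCHAIN 0xFFFFFFFEu /* chain terminator in the OLE2 compound file format */
#define FREESECT   0xFFFFFFFFu /* unused sector */

enum { CHAIN_OK = 0, CHAIN_LOOP = -1, CHAIN_BAD_INDEX = -2,
       CHAIN_SIZE_MISMATCH = -3, CHAIN_NOMEM = -4 };

/* Hypothetical helper: validate one stream's sector chain before reading it.
 * fat[i] is the index of the sector that follows sector i. */
int check_chain(const uint32_t *fat, size_t fat_len, uint32_t start,
                uint64_t declared_size, uint32_t sector_size, size_t *sectors)
{
    if (sector_size == 0) return CHAIN_SIZE_MISMATCH;
    /* (1) Large property size: a stream cannot need more sectors than exist. */
    uint64_t needed = declared_size / sector_size + (declared_size % sector_size != 0);
    if (needed > fat_len) return CHAIN_SIZE_MISMATCH;

    /* (2) Loop in the chain: remember every sector already visited. */
    unsigned char *seen = calloc(fat_len ? fat_len : 1, 1);
    if (!seen) return CHAIN_NOMEM;
    int rc = CHAIN_OK;
    size_t n = 0;
    for (uint32_t cur = start; cur != ENDOFCHAIN; cur = fat[cur]) {
        if (cur >= fat_len) { rc = CHAIN_BAD_INDEX; break; } /* points outside the FAT */
        if (seen[cur])      { rc = CHAIN_LOOP; break; }      /* sector visited twice */
        seen[cur] = 1;
        n++;
    }
    free(seen);
    if (rc == CHAIN_OK && n < needed) rc = CHAIN_SIZE_MISMATCH; /* chain too short */
    if (rc == CHAIN_OK && sectors) *sectors = n;
    return rc;
}

/* Constructed sample FATs (8 sectors each), not taken from a real file. */
static const uint32_t fat_good[8] = {1, 2, ENDOFCHAIN, FREESECT, FREESECT, FREESECT, FREESECT, FREESECT};
static const uint32_t fat_loop[8] = {1, 2, 0, FREESECT, FREESECT, FREESECT, FREESECT, FREESECT};

int main(void)
{
    size_t n = 0;
    printf("good chain: %d\n", check_chain(fat_good, 8, 0, 1200, 512, &n));
    printf("looped chain: %d\n", check_chain(fat_loop, 8, 0, 1200, 512, &n));
    printf("oversized property: %d\n", check_chain(fat_good, 8, 0, UINT32_MAX, 512, &n));
    return 0;
}
```

The visited map bounds the walk to at most one step per sector, so a crafted chain cannot keep the scanner busy indefinitely.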
Comment 1 Bojan Smojver 2007-06-19 21:58:47 EDT
This has been open for over a month now. Could someone please either:

- explain why this doesn't affect FC6/F7 and close
- upgrade to secure version(s) and close
Comment 2 Kevin Fenzi 2007-06-20 22:47:29 EDT
First of all it looks like all versions before 0.90.3 are affected. 

The upstream bug:

Here's the commit that fixed it: 

I don't know if this applies ok to the old 0.88.x versions. 
All the other vendors I see have just shipped the 0.90.3 version. 
Comment 3 Enrico Scholz 2007-06-21 02:54:14 EDT
Sorry; package with patches is ready and in CVS for several weeks. But my local
FC6 build and test system is broken and I could not test the changes.
Comment 4 Kevin Kofler 2007-06-21 17:54:32 EDT
Then just push the changes without testing them, it's better than letting the 
security fixes stay unfixed.
Comment 5 Kevin Fenzi 2007-06-22 12:22:06 EDT
I happen to use a fc6 box here for email processing. Would you like me to test? 
Just rebuild the one from FC-6 cvs and confirm it works? Or do you have example
files that I can run on it?
Comment 6 Bojan Smojver 2007-07-11 20:16:32 EDT
What's the status of this? Do you need any help building stuff?

If your FC6 installation is broken, could you at least do it for F7? I see
0.90.3 is in Rawhide, so it should not be difficult to push the build.

If there is no way you can build this, could you at least ask one of the senior
folks like Ville to expand the maintainers list for this package, so that others
can do it?
Comment 7 Enrico Scholz 2007-07-12 02:29:01 EDT
FC7 was built some weeks ago. Dunno, in which queue it is stuck...
Comment 8 Bojan Smojver 2007-07-12 03:37:49 EDT
Did you go to https://admin.fedoraproject.org/updates/ to push it through?
Comment 9 Ville Skyttä 2007-07-12 15:11:13 EDT
Reopening and adjusting release as there's no update for F7 yet.  Searching for
clamav in bodhi (URL in comment 8) produces no hits.

If you're not up to date with how to push updates for F7+, see
Comment 10 Enrico Scholz 2007-07-12 15:40:14 EDT
At comment #9: exactly... I do not have a clue how to use bodhi; the "My updates"
and two other lists are all empty and do not show
Comment 11 Bojan Smojver 2007-07-12 18:24:07 EDT
When I go to New Updates and type in clamav, I get a list of packages, including
clamav-0.90.3-1.fc7. Have you tried that?
Comment 12 Bojan Smojver 2007-07-16 17:35:11 EDT
Comment 13 Bojan Smojver 2007-07-18 17:26:28 EDT
Just requested that this new package be pushed to stable updates of F7.
Comment 14 Fedora Update System 2007-07-19 12:45:31 EDT
clamav-0.90.3-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 15 Ville Skyttä 2007-07-19 14:03:26 EDT
Thanks, Bojan.  Could someone familiar with clamav also check whether this
update fixes the bunch of issues in bug 245219 as well?
