rpms/clamav/F-8 clamav-0.92.1-CVE-2008-3912.diff, NONE, 1.1 clamav-0.92.1-CVE-2008-3913.diff, NONE, 1.1 clamav-0.92.1-CVE-2008-3914.diff, NONE, 1.1 clamav-0.92.1-CVE-2008-5050.diff, NONE, 1.1 clamav.spec, 1.71, 1.72
Tomas Hoger
thoger at fedoraproject.org
Thu Nov 13 18:34:17 UTC 2008
Author: thoger
Update of /cvs/pkgs/rpms/clamav/F-8
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15472/F-8
Modified Files:
clamav.spec
Added Files:
clamav-0.92.1-CVE-2008-3912.diff
clamav-0.92.1-CVE-2008-3913.diff
clamav-0.92.1-CVE-2008-3914.diff
clamav-0.92.1-CVE-2008-5050.diff
Log Message:
Backport security fixes from 0.94 and 0.94.1
CVE-2008-1389 (F9 only), CVE-2008-3912, CVE-2008-3913, CVE-2008-3914, CVE-2008-5050
clamav-0.92.1-CVE-2008-3912.diff:
--- NEW FILE clamav-0.92.1-CVE-2008-3912.diff ---
Fix for CVE-2008-3912, applied upstream in 0.94
svn diff -c 4158 http://svn.clamav.net/svn/clamav-devel/trunk/
diff -pruN clamav-0.92.1.orig/libclamav/mbox.c clamav-0.92.1/libclamav/mbox.c
--- clamav-0.92.1.orig/libclamav/mbox.c 2007-12-13 00:25:59.000000000 +0100
+++ clamav-0.92.1/libclamav/mbox.c 2008-11-13 18:16:14.000000000 +0100
@@ -1440,6 +1440,8 @@ cli_parse_mbox(const char *dir, int desc
}
}
+ if(body->isTruncated && retcode == CL_SUCCESS)
+ retcode = CL_EMEM;
/*
* Tidy up and quit
*/
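Review bot: The added `body->isTruncated` test in cli_parse_mbox has no comment saying why a truncated body is turned into an error, and CL_EMEM is not self-explanatory at this point. I would put `/* parsing stopped early on an allocation failure: report CL_EMEM rather than a clean result for a partly scanned message */` above the `if`. The test only replaces `CL_SUCCESS`, so an earlier non-success result is kept, which looks intended. The function body starts and ends outside the hunk, so whether `body` is guaranteed non-NULL here cannot be confirmed from these lines.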
@@ -1602,6 +1604,11 @@ parseEmailFile(FILE *fin, const table_t
}
fullline = cli_strdup(line);
fulllinelength = strlen(line) + 1;
+ if(!fullline) {
+ if(ret)
+ ret->isTruncated = TRUE;
+ break;
+ }
} else if(line != NULL) {
fulllinelength += strlen(line);
ptr = cli_realloc(fullline, fulllinelength);
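Review bot: The new `if(!fullline)` check in parseEmailFile records the allocation failure only when `ret` is non-NULL, so if `ret` can be NULL at this point the out-of-memory condition is dropped and the caller cannot tell a truncated parse from a complete one; please confirm what the caller sees in that case. As a smaller point, the check sits after `fulllinelength = strlen(line) + 1;` instead of directly after `cli_strdup(line)`. That is harmless because only `line` is read, but keeping the test next to the allocation is easier to audit. The `cli_realloc` branch that follows continues outside the hunk, so its failure handling is not visible here.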
diff -pruN clamav-0.92.1.orig/libclamav/message.c clamav-0.92.1/libclamav/message.c
--- clamav-0.92.1.orig/libclamav/message.c 2007-12-06 13:59:04.000000000 +0100
+++ clamav-0.92.1/libclamav/message.c 2008-11-13 18:16:14.000000000 +0100
@@ -1801,14 +1801,13 @@ messageToText(message *m)
for(t_line = messageGetBody(m); t_line; t_line = t_line->t_next) {
if(first == NULL)
first = last = cli_malloc(sizeof(text));
- else {
+ else if (last) {
last->t_next = cli_malloc(sizeof(text));
last = last->t_next;
}
if(last == NULL) {
if(first) {
- last->t_next = NULL;
textDestroy(first);
}
return NULL;
@@ -1822,7 +1821,8 @@ messageToText(message *m)
case UUENCODE:
cli_errmsg("messageToText: Unexpected attempt to handle uuencoded file - report to http://bugs.clamav.net\n");
if(first) {
- last->t_next = NULL;
+ if(last)
+ last->t_next = NULL;
textDestroy(first);
}
return NULL;
@@ -1832,7 +1832,8 @@ messageToText(message *m)
if(t_line == NULL) {
/*cli_warnmsg("YENCODED attachment is missing begin statement\n");*/
if(first) {
- last->t_next = NULL;
+ if(last)
+ last->t_next = NULL;
textDestroy(first);
}
return NULL;
@@ -1868,7 +1869,7 @@ messageToText(message *m)
if(first == NULL)
first = last = cli_malloc(sizeof(text));
- else {
+ else if (last) {
last->t_next = cli_malloc(sizeof(text));
last = last->t_next;
}
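Review bot: With `else if (last)` the append in messageToText becomes a silent no-op whenever `last` is NULL, and in this hunk and the next one (the `decode(...)` branch) the code that follows is not visible, unlike the first loop, where `if(last == NULL)` returns NULL right after. Please confirm that each of these two sites tests `last` before using it and that an allocation failure is surfaced to the caller, for example by the same `textDestroy(first); return NULL;` path, rather than yielding a shorter text that looks complete. The same three-line allocate-and-link sequence now appears three times; a small static helper that returns the new tail or NULL would keep the checks in one place.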
@@ -1906,7 +1907,7 @@ messageToText(message *m)
if(decode(m, NULL, data, base64, FALSE) && data[0]) {
if(first == NULL)
first = last = cli_malloc(sizeof(text));
- else {
+ else if (last) {
last->t_next = cli_malloc(sizeof(text));
last = last->t_next;
}
diff -pruN clamav-0.92.1.orig/libclamav/message.h clamav-0.92.1/libclamav/message.h
--- clamav-0.92.1.orig/libclamav/message.h 2007-12-06 13:59:04.000000000 +0100
+++ clamav-0.92.1/libclamav/message.h 2008-11-13 18:16:14.000000000 +0100
@@ -35,6 +35,7 @@ typedef struct message {
char base64_1, base64_2, base64_3;
int base64chars;
unsigned int isInfected : 1;
+ unsigned int isTruncated : 1;
/*
* Markers for the start of various non MIME messages that could
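Review bot: The new `isTruncated` bit-field in struct message is undocumented, while its meaning is only discoverable by reading mbox.c. I would add a comment on it such as `/* set when parsing stopped early on allocation failure; cli_parse_mbox reports CL_EMEM */`. Since the flag is only ever set in this patch and never cleared, it also relies on the structure being zeroed when a message is created; that code is outside this diff, so please confirm it. The struct definition continues beyond the hunk.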
clamav-0.92.1-CVE-2008-3913.diff:
--- NEW FILE clamav-0.92.1-CVE-2008-3913.diff ---
Fix for CVE-2008-3913, applied upstream in 0.94
svn diff -c 4126 http://svn.clamav.net/svn/clamav-devel/trunk/
diff -pruN clamav-0.92.1.orig/freshclam/manager.c clamav-0.92.1/freshclam/manager.c
--- clamav-0.92.1.orig/freshclam/manager.c 2008-01-28 22:19:29.000000000 +0100
+++ clamav-0.92.1/freshclam/manager.c 2008-11-13 18:57:14.000000000 +0100
@@ -323,6 +323,7 @@ static char *proxyauth(const char *user,
buf[len] = '\0';
auth = malloc(strlen(buf) + 30);
if(!auth) {
+ free(buf);
logg("!proxyauth: Can't allocate memory for 'authorization'\n");
return NULL;
}
@@ -355,8 +356,10 @@ static struct cl_cvd *remote_cvdhead(con
if(user) {
authorization = proxyauth(user, pass);
- if(!authorization)
+ if(!authorization) {
+ free(remotename);
return NULL;
+ }
}
}
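Review bot: Freeing `remotename` by hand in front of this early return in remote_cvdhead (and again in the matching getfile hunk that follows) fixes these two exits only, and every other return between the allocation and the final free has to repeat it. Both functions continue outside the hunks, so the remaining exits cannot be checked from here. A single cleanup label that frees `remotename` and `authorization` would make the leak impossible to reintroduce, since `free(NULL)` is a no-op and both pointers can be freed unconditionally, provided they are initialised to NULL. The `return 75; /* FIXME */` in getfile is also worth replacing with a named constant while this path is being touched.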
@@ -520,8 +523,10 @@ static int getfile(const char *srcfile,
if(user) {
authorization = proxyauth(user, pass);
- if(!authorization)
+ if(!authorization) {
+ free(remotename);
return 75; /* FIXME */
+ }
}
}
@@ -544,6 +549,12 @@ static int getfile(const char *srcfile,
"Connection: close\r\n"
"\r\n", (remotename != NULL) ? remotename : "", srcfile, hostname, (authorization != NULL) ? authorization : "", agent);
+ if(remotename)
+ free(remotename);
+
+ if(authorization)
+ free(authorization);
+
memset(ipaddr, 0, sizeof(ipaddr));
if(ip[0]) /* use ip to connect */
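Review bot: After this move the two buffers in getfile are freed well before the function ends, yet `remotename` and `authorization` keep their stale values for the rest of the body, which continues outside the hunk. I would clear them at the point of release, `free(remotename); remotename = NULL;` and `free(authorization); authorization = NULL;`, so that any later use or second free is harmless. The `if(remotename)` and `if(authorization)` guards are redundant because `free(NULL)` is defined to do nothing.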
@@ -565,12 +576,6 @@ static int getfile(const char *srcfile,
return 52;
}
- if(remotename)
- free(remotename);
-
- if(authorization)
- free(authorization);
-
/* read http headers */
ch = buffer;
i = 0;
clamav-0.92.1-CVE-2008-3914.diff:
--- NEW FILE clamav-0.92.1-CVE-2008-3914.diff ---
Fix for CVE-2008-3914, applied upstream in 0.94
svn diff -c 4124 http://svn.clamav.net/svn/clamav-devel/trunk/
(revision 4123 does not affect clamav-0.92.1)
diff -pruN clamav-0.92.1.orig/libclamav/others.c clamav-0.92.1/libclamav/others.c
--- clamav-0.92.1.orig/libclamav/others.c 2008-02-06 16:49:25.000000000 +0100
+++ clamav-0.92.1/libclamav/others.c 2008-11-13 19:05:01.000000000 +0100
@@ -753,8 +753,11 @@ int cli_filecopy(const char *src, const
return -1;
}
- if(!(buffer = cli_malloc(FILEBUFF)))
+ if(!(buffer = cli_malloc(FILEBUFF))) {
+ close(s);
+ close(d);
return -1;
+ }
while((bytes = cli_readn(s, buffer, FILEBUFF)) > 0)
cli_writen(d, buffer, bytes);
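Review bot: The copy loop at the end of this hunk discards the result of `cli_writen`, and the `> 0` test treats a negative `cli_readn` result like end of file, so a failed read or write in cli_filecopy can leave a short destination file. Unless the code after the hunk detects this, which is not visible here, the caller gets no error, and that matters if the copy is what is scanned afterwards. I would test the write, e.g. `if(cli_writen(d, buffer, bytes) == -1) { rc = -1; break; }` with a new local `rc`, check `bytes < 0` after the loop, and return `rc` after the existing cleanup. This assumes `cli_writen` reports failure as -1, which should be confirmed against its definition. The added `close(s); close(d);` on the allocation failure path looks correct.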
clamav-0.92.1-CVE-2008-5050.diff:
--- NEW FILE clamav-0.92.1-CVE-2008-5050.diff ---
Fix for CVE-2008-5050, applied upstream in 0.94.1
svn diff -c 4311 http://svn.clamav.net/svn/clamav-devel/
diff -pruN clamav-0.92.1.orig/libclamav/vba_extract.c clamav-0.92.1/libclamav/vba_extract.c
--- clamav-0.92.1.orig/libclamav/vba_extract.c 2008-01-28 22:30:35.000000000 +0100
+++ clamav-0.92.1/libclamav/vba_extract.c 2008-11-13 19:17:44.000000000 +0100
@@ -136,7 +136,7 @@ get_unicode_name(const char *name, int s
if((name == NULL) || (*name == '\0') || (size <= 0))
return NULL;
- newname = (char *)cli_malloc(size * 7);
+ newname = (char *)cli_malloc(size * 7 + 1);
if(newname == NULL)
return NULL;
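Review bot: The new size expression `size * 7 + 1` in get_unicode_name is computed in `int` (the `size <= 0` test shows the parameter is signed) and the hunk shows no upper bound, so a large `size` overflows before `cli_malloc` sees it. If `size` comes from parsed document data, which the hunk does not show, I would add `if(size > (INT_MAX - 1) / 7) return NULL;` before the allocation, with `<limits.h>` included. The `+ 1` presumably makes room for the terminating NUL; a short comment saying where the factor 7 and the extra byte come from would help the next backport. The cast on the `cli_malloc` result is unnecessary in C. The function body continues outside the hunk.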
Index: clamav.spec
===================================================================
RCS file: /cvs/pkgs/rpms/clamav/F-8/clamav.spec,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -r1.71 -r1.72
--- clamav.spec 13 Jul 2008 19:06:56 -0000 1.71
+++ clamav.spec 13 Nov 2008 18:33:47 -0000 1.72
@@ -17,7 +17,7 @@
Summary: End-user tools for the Clam Antivirus scanner
Name: clamav
Version: 0.92.1
-Release: %release_func 3
+Release: %release_func 4
License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
Group: Applications/File
@@ -54,6 +54,12 @@
Patch28: clamav-0.92.1-CVE-2008-1387.diff
Patch29: clamav-0.92.1-CVE-2008-1833.diff
Patch30: clamav-0.92.1-CVE-2008-2713.diff
+# 0.94
+Patch31: clamav-0.92.1-CVE-2008-3912.diff
+Patch32: clamav-0.92.1-CVE-2008-3913.diff
+Patch33: clamav-0.92.1-CVE-2008-3914.diff
+# 0.94.1
+Patch34: clamav-0.92.1-CVE-2008-5050.diff
Patch80: clamav-0.92.1-outdated.patch
BuildRoot: %_tmppath/%name-%version-%release-root
Requires: clamav-lib = %version-%release
@@ -249,6 +255,10 @@
%patch28 -p1 -b .CVE-2008-1387
%patch29 -p1 -b .CVE-2008-1833
%patch30 -p0 -b .CVE-2008-2713
+%patch31 -p1 -b .CVE-2008-3912
+%patch32 -p1 -b .CVE-2008-3913
+%patch33 -p1 -b .CVE-2008-3914
+%patch34 -p1 -b .CVE-2008-5050
%patch80 -p1 -b .outdated
install -p -m0644 %SOURCE300 clamav-milter/
@@ -540,6 +550,14 @@
%changelog
+* Thu Nov 13 2008 Tomas Hoger <thoger at redhat.com> - 0.92.1-4
+- Security update - backport security fixes from 0.94:
+ CVE-2008-3912 (#461461): Multiple out-of-memory NULL pointer dereferences
+ CVE-2008-3913 (#461461): Fix memory leak in the error code path in freshclam
+ CVE-2008-3914 (#461461): File descriptor leak on the error code path
+- Security update - backport security fixes from 0.94.1:
+ CVE-2008-5050 (#470783): get_unicode_name() off-by-one buffer overflow
+
* Sun Jul 13 2008 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.92.1-3
- disabled check which prevents older freshclam versions to run in <4h
intervals (bz #453601)