libclamav petite.c denial of service issue

Bug #249316 reported by Scott Kitterman on 2008-07-17
Affects | Status | Importance | Assigned to | Milestone
clamav (Ubuntu) | | Medium | Unassigned |
Dapper | | Medium | Michael Casadevall |
Feisty | | Medium | Michael Casadevall |
Gutsy | | Medium | Michael Casadevall |
Hardy | | Medium | Unassigned |

Bug Description

Binary package hint: clamav

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for clamav.

CVE-2008-2713[0]:
| libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to
| cause a denial of service via a crafted Petite file that triggers an
| out-of-bounds read.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

The DTSA released for this issue seems to have been incomplete. Please
see this mail[1] and the additional upstream commit[2].

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2713
    http://security-tracker.debian.net/tracker/CVE-2008-2713

[1] http://www.openwall.com/lists/oss-security/2008/07/15/1

[2] http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3920

Changed in clamav:
importance: Undecided → Medium
status: New → Fix Released
importance: Undecided → Medium
status: New → Confirmed
importance: Undecided → Medium
status: New → Confirmed
importance: Undecided → Medium
status: New → Confirmed
importance: Undecided → Medium
status: New → Confirmed
Michael Rooney (mrooney) wrote :

Hello, what does the Fix Released status indicate, that the fixed version is in Intrepid? Thanks for clarifying!

Scott Kitterman (kitterman) wrote :

Yes. Here's the patch for Hardy.

Changed in clamav:
assignee: nobody → kitterman
status: Confirmed → In Progress
assignee: kitterman → nobody
status: In Progress → Triaged

Here's another patch for Gutsy

Here's the Feisty patch

Changed in clamav:
assignee: nobody → sonicmctails
assignee: nobody → sonicmctails
assignee: nobody → sonicmctails

and the Dapper patch

Leonel Nunez (leonelnunez) wrote :

Isn't this a duplicate of bug 238575?

On Thu, 17 Jul 2008 11:33:10 -0000 Leonel Nunez <email address hidden>
wrote:
>Isn't this a duplicate of bug 238575?

No. That one missed a spot.

Leonel Nunez (leonelnunez) wrote :

I thought they were the same; that's why I didn't get into it.

Great, it got fixed.

Changed in clamav:
status: Confirmed → In Progress
status: Confirmed → In Progress
status: Confirmed → In Progress
status: Triaged → In Progress
Jamie Strandboge (jdstrand) wrote :

Thanks for the debdiffs! Michael, can you respin the debdiffs so the versions follow https://wiki.ubuntu.com/SecurityUpdateProcedures? Also, the gutsy debdiff needs to have 'gutsy-security'. We also typically have the 'References' field last in the list of changes.

Scott Kitterman (kitterman) wrote :

We've been following a non-standard sequence for some time. There's no risk
of version collision.

Replacement gutsy patch at the request of the security team.

Jamie Strandboge (jdstrand) wrote :

Discussed in IRC-- in reviewing the patches for dapper-gutsy, there were whitespace changes that diverged from Scott's hardy debdiff. Please respin dapper-gutsy by applying hardy's debdiff (minus the changelog). Since all versions have the same source, it's really important to keep the patches the same between all versions. Thanks!

Changed in clamav:
status: In Progress → Fix Committed

I'm respinning the fixes (sorry for the late response, I've been running around like an idiot today ;-)).

Here's the gutsy one.

Ack, sorry, I uploaded the wrong debdiff. Here's the right one.

Here's feisty

Here's dapper.

I apologize for the invalidness of the patches; I hadn't realized it was all the same version, so I simply recreated the patch for each affected version.

Uploaded the *right* patch this time.

Changed in clamav:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.92.1~dfsg2-1.1ubuntu0.2

---------------
clamav (0.92.1~dfsg2-1.1ubuntu0.2) hardy-security; urgency=high

  * SECURITY UPDATE: fix possible DoS due to invalid memory access
  * References
    CVE-2008-2713
    Debian Bug #490925
  * Updated 27_petite.c.dpatch (LP: #249316)
    - libclamav/petite.c: fix one more spot

 -- Scott Kitterman <email address hidden> Thu, 17 Jul 2008 00:41:21 -0400

Changed in clamav:
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.92.1~dfsg2-1.1~gutsy3.1

---------------
clamav (0.92.1~dfsg2-1.1~gutsy3.1) gutsy-security; urgency=low

  * SECURITY UPDATE: fix possible DoS due to invalid memory access
  * Updated 27_petite.c.dpatch (LP: #249316)
    - libclamav/petite.c: fix one more spot
  * References
    CVE-2008-2713
    Debian Bug #490925

 -- Michael Casadevall <email address hidden> Thu, 17 Jul 2008 05:25:10 +0000

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.92.1~dfsg2-1.1~feisty3.1

---------------
clamav (0.92.1~dfsg2-1.1~feisty3.1) feisty-security; urgency=low

  * SECURITY UPDATE: fix possible DoS due to invalid memory access
  * Updated 27_petite.c.dpatch (LP: #249316)
    - libclamav/petite.c: fix one more spot
  * References
    CVE-2008-2713
    Debian Bug #490925

 -- Michael Casadevall <email address hidden> Thu, 17 Jul 2008 06:03:13 +0000

Changed in clamav:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Changed in clamav:
status: Fix Committed → Fix Released
This report contains Public Security information
Everyone can see this security related information.