clamav in dapper vulnerable to critical heap overflow

Bug #59915 reported by Christiane
Affects: clamav (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Martin Pitt

Bug Description

clamav_0.88.2-1ubuntu1, which is the most recent package available in dapper as of today, contains the critical heap overflow vulnerability as described in:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4018

The edgy release already contains the fix.

Kees Cook (kees) wrote :

Attached is a debdiff for the UPX unpacker fix for dapper's clamav.

Kees Cook (kees) wrote :

This is a corrected patch that has a good changelog version and adds a note about the origin of patch.

Martin Pitt (pitti) wrote :

Looks good now, will upload.

Changed in clamav:
assignee: nobody → pitti
status: Unconfirmed → Fix Committed
Martin Pitt (pitti) wrote :

Released, should be on security.u.c. in about 80 minutes.

Changed in clamav:
status: Fix Committed → Fix Released