DoS due to PDF parsing issues

Bug #643682 reported by Scott Kitterman on 2010-09-20
Affects            Status   Importance   Assigned to   Milestone
clamav (Ubuntu)             Medium       Unassigned
Dapper                      Undecided    Unassigned
Hardy                       Undecided    Unassigned
Jaunty                      Undecided    Unassigned
Karmic                      Undecided    Unassigned
Lucid                       Undecided    Unassigned
Maverick                    Medium       Unassigned

Bug Description

Binary package hint: clamav

A new clamav release is out with a fix for a security issue in their PDF parser.

http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=dc5143b4669ae39c79c9af50d569c28c798f33da;hp=4dccd075f99592a3aee59fff69c3851da4dd6efe appears to be the PDF change.
Impact of the PDF change is DoS. Reading an appropriate PDF would cause a crash.

visibility: private → public
Changed in clamav (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
milestone: none → ubuntu-10.10
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.96.3+dfsg-1ubuntu1

---------------
clamav (0.96.3+dfsg-1ubuntu1) maverick; urgency=low

    * Merge new upstream release from Debian Unstable. FFe (LP: #644707).
      Also fixes (LP: #643682). Remaining Ubuntu changes:
      - Drop initial signature definitions from clamav-base
      - Drop build-dep on electric-fence (in Universe)
      - Add apparmor profiles for clamd and freshclam along with maintainer
        script changes
    * Fix NotifyClamd configurate in debian/clamav-freshclam.postinst
      - Cherry pick from Debian pkg-clamav Git, Thanks to Stephen Gran

clamav (0.96.3+dfsg-1) unstable; urgency=high

  [ Stephen Gran ]
  * Fixed NotifyClamd config options handling.

  [ Alberto WU ]
  * New upstream release
    - urgency=high as this addresses CVE-2010-0405
    - Reset MaxFileSize to default value if set to 0 (closes: #585479)
    - New config option ExtendedDetectionInfo (clamd.conf)

  [ Michael Tautschnig ]
  * Set data segment limit in tests to 524288 to make kfreebsd-i386 systems
    happy (closes: #591245).
  * Bumped Standards-Version to 3.9.1, no changes needed.
  * Preserve order of database mirrors (closes: #592322).
  * Added Vcs-Git and Vcs-Browser control fields.
  * Debconf translation updates
    - Italian (closes: #597307)
  * We'll stay with 1.0 Debian source format for now, added proper
    debian/source/format
 -- Scott Kitterman <email address hidden> Mon, 20 Sep 2010 15:41:38 -0400

Changed in clamav (Ubuntu Maverick):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.96.3+dfsg-2ubuntu1.0.10.04.1

---------------
clamav (0.96.3+dfsg-2ubuntu1.0.10.04.1) lucid-proposed; urgency=low

   * Microversion update to 0.96.3 for Lucid (LP: #653738)

clamav (0.96.3+dfsg-2ubuntu1.1) maverick-proposed; urgency=low

  * PDF clamdscan crash fix (LP: #658341) - Cherry pick from Clamav git commit
    e142504b07d7f81435f6ac99ec1eedf6c08f2188, will be part of 0.96.4

clamav (0.96.3+dfsg-2ubuntu1) maverick; urgency=low

  * Merge from Debian Unstable. Remaining Ubuntu changes:
    - Drop initial signature definitions from clamav-base
    - Drop build-dep on electric-fence (in Universe)
    - Add apparmor profiles for clamd and freshclam along with maintainer
      script changes

clamav (0.96.3+dfsg-2) unstable; urgency=low

  [ Stephen Gran ]
  * Add NotifyClamd only if set to nonempty value.

  [ Michael Tautschnig ]
  * Cherry-pick from upstream: Only enable RLIMIT_DATA warning on *BSD
    (already included in Ubuntu's 1ubuntu3) (closes: #598083).
  * Do rmdir /etc/clamav, /var/log/clamav, /var/lib/clamav in all postrms as
    we cannot count on clamav-base's postrm to be the last one being called
    (thanks piuparts).
  * Remove trailing / in freshclam's DatabaseDirectory default value
    (closes: #598084).

clamav (0.96.3+dfsg-1ubuntu4) maverick; urgency=low

  * debian/usr.sbin.clamd: updated to give read access to
    @{PROC}/[0-9]*/status and @{PROC}/filesystems. The latter is covered by
    the base abstraction, but we add it here to ease backporting.
    - LP: #645956

clamav (0.96.3+dfsg-1ubuntu3) maverick; urgency=low

  * Change from upstream to fix clamd/clamd.c to only check RLIMIT_DATA on
    FreeBSD since the check is not relevant to Linux (See clamav bug #1941 for
    details)

clamav (0.96.3+dfsg-1ubuntu2) maverick; urgency=low

  * debian/usr.bin.freshclam: updated to give read access to
    @{PROC}/[0-9]*/status and @{PROC}/filesystems. The latter is covered by
    the base abstraction, but we add it here to ease backporting.
    - LP: #645061

clamav (0.96.3+dfsg-1ubuntu1) maverick; urgency=low

    * Merge new upstream release from Debian Unstable. FFe (LP: #644707).
      Also fixes (LP: #643682). Remaining Ubuntu changes:
      - Drop initial signature definitions from clamav-base
      - Drop build-dep on electric-fence (in Universe)
      - Add apparmor profiles for clamd and freshclam along with maintainer
        script changes
    * Fix NotifyClamd configurate in debian/clamav-freshclam.postinst
      - Cherry pick from Debian pkg-clamav Git, Thanks to Stephen Gran

clamav (0.96.3+dfsg-1) unstable; urgency=high

  [ Stephen Gran ]
  * Fixed NotifyClamd config options handling.

  [ Alberto WU ]
  * New upstream release
    - urgency=high as this addresses CVE-2010-0405
    - Reset MaxFileSize to default value if set to 0 (closes: #585479)
    - New config option ExtendedDetectionInfo (clamd.conf)

  [ Michael Tautschnig ]
  * Set data segment limit in tests to 524288 to make kfreebsd-i386 systems
    happy (closes: #591245).
  * Bumped Standards-Version to 3.9.1, no changes needed.
  * Preserve order of database mirrors (closes: #592322).
  * Added...


Changed in clamav (Ubuntu Lucid):
status: New → Fix Released
Clint Byrum (clint-fewbar) wrote :

Since Jaunty is EOL, closing Jaunty task as Won't Fix.

Changed in clamav (Ubuntu Jaunty):
status: New → Won't Fix
Jamie Strandboge (jdstrand) wrote :
Changed in clamav (Ubuntu Jaunty):
status: Won't Fix → Fix Released
Changed in clamav (Ubuntu Dapper):
status: New → Fix Released
Changed in clamav (Ubuntu Hardy):
status: New → Fix Released
Changed in clamav (Ubuntu Karmic):
status: New → Fix Released