[Pkg-clamav-devel] Bug#770985: Bug#770985: Bug#770985: clamav: heap buffer overflow when scanning a specially crafted y0da Crypter obfuscated PE file
Evgeni Golov
evgeni.golov at credativ.de
Thu Nov 27 09:32:29 UTC 2014
On Thu, Nov 27, 2014 at 09:38:08AM +0100, Evgeni Golov wrote:
> On Tue, Nov 25, 2014 at 04:30:43PM -0500, Scott Kitterman wrote:
> > On Tuesday, November 25, 2014 10:18:21 PM Sebastian Andrzej Siewior wrote:
> > > On Tue, Nov 25, 2014 at 07:07:30PM +0100, Ralf Hildebrandt wrote:
> > > > Version: 0.98.1+dfsg-1+deb6u3
> > > >
> > > > A heap buffer overflow was reported in [1] in ClamAV when scanning a
> > > > specially crafted y0da Crypter obfuscated PE file.
> > > > Note that this is remotely exploitable when ClamAV is used as a mail
> > > > gateway scanner.
> > >
> > > we are aware of the situtation, a stable upload is already waiting. Please
> > > note that there won't be an update for Squeeze unless the LTS team does so.
> >
> > I did add clamav to the list of packages needing an update for the LTS (and
> > libclamunrar too), so the LTS team is aware of it.
>
> Thanks, working on the clamav one now for LTS.
>
> Upstreams patch applies just fine on the version in Squeeze, so I guess
> it would be better to apply it, instead of pulling in the new upstream?
Sadly, the patch does not solve the issue itself. clamscan -a still
segfaults for me after the patch.
I'll try to figure out what else is needed.
More information about the Pkg-clamav-devel
mailing list