First Last Prev Next    This bug is not in your last search results.
Bug 1082858 - (CVE-2018-1000085) VUL-0: CVE-2018-1000085: clamav: Out-of-bounds heap read in XAR parser
(CVE-2018-1000085)
VUL-0: CVE-2018-1000085: clamav: Out-of-bounds heap read in XAR parser
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/200825/
CVSSv3:SUSE:CVE-2018-1000085:7.5:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-02-26 15:01 UTC by Johannes Segitz
Modified: 2020-07-26 22:04 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Reproducer (332 bytes, application/octet-stream)
2018-02-26 15:01 UTC, Johannes Segitz 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2018-02-26 15:01:52 UTC 
Created attachment 761745 [details]
Reproducer

An out-of-bounds heap read vulnerability was found in XAR parser that leads to clamscan crash when invoked on malicious XAR file.

Upstream patch:
https://github.com/Cisco-Talos/clamav-devel/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6

Poc doesn't trigger for me (although it should even without ASAN according to the reporter), but the code is in all codestreams.

Reference:
http://www.openwall.com/lists/oss-security/2017/09/29/4
https://bugzilla.redhat.com/show_bug.cgi?id=1549069
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000085
Comment 2 Swamp Workflow Management 2018-03-07 16:10:06 UTC 
This is an autogenerated message for OBS integration:
This bug (1082858) was mentioned in
https://build.opensuse.org/request/show/583965 Factory / clamav
Comment 4 Swamp Workflow Management 2018-03-14 14:09:17 UTC 
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2018-03-28.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63991
Comment 5 Swamp Workflow Management 2018-03-26 13:13:35 UTC 
SUSE-SU-2018:0809-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1045315,1049423,1052449,1082858,1083915
CVE References: CVE-2012-6706,CVE-2017-11423,CVE-2017-6419,CVE-2018-0202,CVE-2018-1000085
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    clamav-0.99.4-33.9.1
SUSE Linux Enterprise Server 12-SP3 (src):    clamav-0.99.4-33.9.1
SUSE Linux Enterprise Server 12-SP2 (src):    clamav-0.99.4-33.9.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    clamav-0.99.4-33.9.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    clamav-0.99.4-33.9.1
Comment 6 Swamp Workflow Management 2018-03-27 10:10:13 UTC 
openSUSE-SU-2018:0825-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1045315,1049423,1052449,1082858,1083915
CVE References: CVE-2012-6706,CVE-2017-11423,CVE-2017-6419,CVE-2018-0202,CVE-2018-1000085
Sources used:
openSUSE Leap 42.3 (src):    clamav-0.99.4-23.1
Comment 7 Swamp Workflow Management 2018-04-03 19:10:47 UTC 
SUSE-SU-2018:0863-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1045315,1049423,1052449,1082858,1083915
CVE References: CVE-2012-6706,CVE-2017-11423,CVE-2017-6419,CVE-2018-0202,CVE-2018-1000085
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    clamav-0.99.4-0.20.7.2
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    clamav-0.99.4-0.20.7.2
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    clamav-0.99.4-0.20.7.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    clamav-0.99.4-0.20.7.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    clamav-0.99.4-0.20.7.2
Comment 8 Swamp Workflow Management 2018-08-14 16:10:44 UTC 
SUSE-SU-2018:2323-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1082858,1101410,1101412,1101654,1103040
CVE References: CVE-2018-0360,CVE-2018-0361,CVE-2018-1000085,CVE-2018-14679
Sources used:
SUSE OpenStack Cloud 7 (src):    clamav-0.100.1-33.15.2
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    clamav-0.100.1-33.15.2
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    clamav-0.100.1-33.15.2
SUSE Linux Enterprise Server 12-SP3 (src):    clamav-0.100.1-33.15.2
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    clamav-0.100.1-33.15.2
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    clamav-0.100.1-33.15.2
SUSE Linux Enterprise Server 12-LTSS (src):    clamav-0.100.1-33.15.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    clamav-0.100.1-33.15.2
SUSE Enterprise Storage 4 (src):    clamav-0.100.1-33.15.2
Comment 9 Swamp Workflow Management 2018-08-17 10:32:04 UTC 
openSUSE-SU-2018:2406-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1082858,1101410,1101412,1101654,1103040
CVE References: CVE-2018-0360,CVE-2018-0361,CVE-2018-1000085,CVE-2018-14679
Sources used:
openSUSE Leap 42.3 (src):    clamav-0.100.1-29.1
Comment 10 Marcus Meissner 2018-09-07 11:53:34 UTC 
released
Comment 11 Swamp Workflow Management 2018-10-18 17:36:10 UTC 
SUSE-SU-2018:2323-2: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1082858,1101410,1101412,1101654,1103040
CVE References: CVE-2018-0360,CVE-2018-0361,CVE-2018-1000085,CVE-2018-14679
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    clamav-0.100.1-33.15.2
First Last Prev Next    This bug is not in your last search results.