Bug 640812 - clamav 0.96.3
clamav 0.96.3
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: Security Team bot
Security Team bot
maint:released:11.1:36128 maint:relea...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-09-21 13:14 UTC by Ludwig Nussel
Modified: 2017-12-03 09:02 UTC (History)
3 users (show)

See Also:
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ludwig Nussel 2010-09-21 13:14:48 UTC
clamav 0.96.3 was released. Mainly to fix the bzip2 issue in the internal bzip2 copy. We use the system libbz2 though.
So usual clamav version update.
Comment 1 Swamp Workflow Management 2010-09-21 14:51:19 UTC
The SWAMPID for this issue is 35995.
This issue was rated as moderate.
Please submit fixed packages until 2010-10-05.
Also create a patchinfo file using this link:
https://swamp.suse.de/webswamp/wf/35995
Comment 2 Christian Dengler 2010-09-21 14:51:59 UTC
Update started as a recommended update. Be so kind and submit the fixed sources and a patchinfo.
Comment 3 Ludwig Nussel 2010-09-28 08:12:24 UTC
CVE-2010-3434 was assigned to the changelog entry
 * libclamav/pdf.c: Add missing boundscheck to pdf code (bb #2226)

security details are unknown yet as the bug report is not accessible
Comment 4 Ludwig Nussel 2010-09-28 12:33:52 UTC
looks like it could only cause a crash
http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=dc5143b4669ae39c79c9af50d569c28c798f33da
Comment 5 Reinhard Max 2010-09-28 14:07:18 UTC
> security details are unknown yet as the bug report is not accessible

The ClamAV-Team just opened it:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2226
Comment 10 Swamp Workflow Management 2010-10-28 13:50:44 UTC
Update released for: clamav, clamav-db, clamav-debuginfo, clamav-debugsource
Products:
openSUSE 11.1 (debug, i586, ppc, x86_64)
openSUSE 11.2 (debug, i586, x86_64)
openSUSE 11.3 (debug, i586, x86_64)
Comment 11 Martin Seidler 2010-10-29 16:54:06 UTC
Should this ("Status: New" and "Priority: P5 - None") bug not be marked as resolved?

clamav update to version 0.96.3 : clamav-3230 (noarch):
"This update is needed to fix a security vulnerability with this package.
clamav version 0.96.3 fixes problems when scanning pdf files (CVE-2010-3434) and also contains numerous other bug fixes.

For more information about bugs fixed by this update please visit this website:
• https://bugzilla.novell.com/show_bug.cgi?id=640812 .
For more information about this security update please visit this website:
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3434 ."[Spaces added]
Comment 12 Marcus Meissner 2010-11-29 16:12:03 UTC
its still open for SLE.
Comment 13 Swamp Workflow Management 2010-11-29 21:15:56 UTC
Update released for: clamav, clamav-db, clamav-debuginfo, clamav-debugsource
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Comment 14 Swamp Workflow Management 2010-11-29 21:26:31 UTC
Update released for: clamav, clamav-db, clamav-debuginfo, clamav-debugsource
Products:
SLE-DEBUGINFO 11 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11 (i386, x86_64)
SLE-SERVER 11 (i386, ia64, ppc64, s390x, x86_64)
Comment 15 Swamp Workflow Management 2010-11-30 16:01:46 UTC
Update released for: clamav, clamav-db, clamav-debuginfo
Products:
SLE-DESKTOP 10-SP3 (i386, x86_64)
SLE-SAP-APL 10-SP3 (x86_64)
SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64)
Comment 16 Thomas Biege 2010-11-30 20:55:25 UTC
released
Comment 17 Swamp Workflow Management 2010-11-30 23:55:26 UTC
Update released for: clamav, clamav-db
Products:
Novell-Linux-POS 9 (i386)
Open-Enterprise-Server 9 (i386)
SUSE-CORE 9 (i386, ia64, ppc, s390, s390x, x86_64)
Comment 18 Bernhard Wiedemann 2017-12-03 09:02:33 UTC
This is an autogenerated message for OBS integration:
This bug (640812) was mentioned in
https://build.opensuse.org/request/show/547654 15.0 / clamav