Re: [clamav-users] CVE fix status

2017-11-21 Thread Steven Morgan 
Zetan,

I've added you to the cc list. Please try it now.

Steve

On Tue, Nov 21, 2017 at 11:58 AM, Zetan Drableg 
wrote:

> Thank you. After signing up with bugzilla I still get the message " You are
> not authorized to access bug #11961. "
>
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] CVE fix status

2017-11-21 Thread Zetan Drableg 
Thank you. After signing up with bugzilla I still get the message " You are
not authorized to access bug #11961. "

On Mon, Nov 20, 2017 at 2:23 PM, Steven Morgan 
wrote:

> I think some may be fixed already. I've opened ticket 11961 in the ClamAV
> bugzilla for followup and tracking.
>
> Steve
>
>
> On Mon, Nov 20, 2017 at 2:54 PM, Zetan Drableg 
> wrote:
>
> > Hi,
> > Anyone know when these CVEs will be fixed? Does clamav provide a 0.99.2
> > security fix branch or I need to consume 0.99.3 devel? Does EPEL backport
> > fixes?
> >
> > CVE-2017-6418
> > CVE-2017-6419
> > CVE-2017-6420
> >
> > It was discovered that ClamAV incorrectly handled parsing certain e-mail
> > messages. A remote attacker could possibly use this issue to cause ClamAV
> > to crash, resulting in a denial of service. (CVE-2017-6418
> > )
> >
> > It was discovered that ClamAV incorrectly handled certain malformed CHM
> > files. A remote attacker could use this issue to cause ClamAV to crash,
> > resulting in a denial of service, or possibly execute arbitrary code.
> This
> > issue only affected Ubuntu 14.04 LTS. In the default installation,
> > attackers would be isolated by the ClamAV AppArmor profile.
> (CVE-2017-6419
> > )
> > It was discovered that ClamAV incorrectly handled parsing certain PE
> files
> > with WWPack compression. A remote attacker could possibly use this issue
> to
> > cause ClamAV to crash, resulting in a denial of service. (CVE-2017-6420
> > )
> >
> > Thank you
> > ___
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> >
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] CVE fix status

2017-11-20 Thread Steven Morgan 
I think some may be fixed already. I've opened ticket 11961 in the ClamAV
bugzilla for followup and tracking.

Steve


On Mon, Nov 20, 2017 at 2:54 PM, Zetan Drableg 
wrote:

> Hi,
> Anyone know when these CVEs will be fixed? Does clamav provide a 0.99.2
> security fix branch or I need to consume 0.99.3 devel? Does EPEL backport
> fixes?
>
> CVE-2017-6418
> CVE-2017-6419
> CVE-2017-6420
>
> It was discovered that ClamAV incorrectly handled parsing certain e-mail
> messages. A remote attacker could possibly use this issue to cause ClamAV
> to crash, resulting in a denial of service. (CVE-2017-6418
> )
>
> It was discovered that ClamAV incorrectly handled certain malformed CHM
> files. A remote attacker could use this issue to cause ClamAV to crash,
> resulting in a denial of service, or possibly execute arbitrary code. This
> issue only affected Ubuntu 14.04 LTS. In the default installation,
> attackers would be isolated by the ClamAV AppArmor profile. (CVE-2017-6419
> )
> It was discovered that ClamAV incorrectly handled parsing certain PE files
> with WWPack compression. A remote attacker could possibly use this issue to
> cause ClamAV to crash, resulting in a denial of service. (CVE-2017-6420
> )
>
> Thank you
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] CVE fix status

2017-11-20 Thread Zetan Drableg 
Hi,
Anyone know when these CVEs will be fixed? Does clamav provide a 0.99.2
security fix branch or I need to consume 0.99.3 devel? Does EPEL backport
fixes?

CVE-2017-6418
CVE-2017-6419
CVE-2017-6420

It was discovered that ClamAV incorrectly handled parsing certain e-mail
messages. A remote attacker could possibly use this issue to cause ClamAV
to crash, resulting in a denial of service. (CVE-2017-6418
)

It was discovered that ClamAV incorrectly handled certain malformed CHM
files. A remote attacker could use this issue to cause ClamAV to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 LTS. In the default installation,
attackers would be isolated by the ClamAV AppArmor profile. (CVE-2017-6419
)
It was discovered that ClamAV incorrectly handled parsing certain PE files
with WWPack compression. A remote attacker could possibly use this issue to
cause ClamAV to crash, resulting in a denial of service. (CVE-2017-6420
)

Thank you
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml