From owner-freebsd-security@FreeBSD.ORG Wed Feb 13 15:49:20 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7279016A418 for ; Wed, 13 Feb 2008 15:49:20 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id 2E3D413C4F2 for ; Wed, 13 Feb 2008 15:49:20 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=one; d=codelabs.ru; h=Received:Date:From:To:Message-ID:MIME-Version:Content-Type:Content-Disposition:Sender:X-Spam-Status:Subject; b=cZfvEQ6pNJRyeMtYX+pjMXSszBEK8gVpi/JmuQMPfNVT0Yh8nYX2bn9v/uirhP5Gvy5DRw+3hxZ4POiel3PPMuPgdp+Evx5nXqn8kSD3979xLwDFsm+yI42xcN0SDKRJ0XQTbUdQKS++6PrVNAAMr+vmoTbduNARmLbrS1paDmk=; Received: from void.codelabs.ru (void.codelabs.ru [144.206.177.25]) by 0.mx.codelabs.ru with esmtpsa (TLSv1:AES256-SHA:256) id 1JPJh9-0008TL-Df for freebsd-security@freebsd.org; Wed, 13 Feb 2008 18:38:47 +0300 Date: Wed, 13 Feb 2008 18:38:46 +0300 From: Eygene Ryabinkin To: freebsd-security@freebsd.org Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="Fnm8lRGFTVS/3GuM" Content-Disposition: inline Sender: rea-fbsd@codelabs.ru X-Spam-Status: No, score=-1.8 required=4.0 tests=ALL_TRUSTED,AWL,BAYES_50 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: VuXML entry for CVE-2008-0318 (libclamav) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Feb 2008 15:49:20 -0000 --Fnm8lRGFTVS/3GuM Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Good day. Attached is the draft of the VuXML entry for the new ClamAV vulnerability. >From what I had seen and from the comments of the iDefence and ClamAV changelog, it seems that the vulnerable Petite PE module is really disabled in daily.cfg. The file has entries 'PE:0xbfff:13:23' and 'PE:0xdeff:24:25', while libclamav/dconf.h has the following: ----- #define PE_CONF_PETITE 0x100 ----- So, Petite compressor is disabled for f-levels 24 (0.92_sf) and 25 (0.92). 23 is 0.92rc2 and Petite is enabled for it and lower versions down to 13 (0.90). F-versions were extracted from libclamav/others.c, macro variable CL_FLEVEL. So I had marked only clamav >= 0.92 and < 0.92.1 as vulnerable. -- Eygene --Fnm8lRGFTVS/3GuM--