ports/106620: Update clamav to .88.7 (dos attack)
Michael Scheidell
scheidell at secnap.net
Mon Dec 11 22:35:46 UTC 2006
>Number: 106620
>Category: ports
>Synopsis: Update clamav to .88.7 (dos attack)
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 11 22:30:12 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Michael Scheidell
>Release: FreeBSD 5.5-RELEASE-p8 i386
>Organization:
SECNAP Network Security
>Environment:
System: FreeBSD scanner.secnap.net 5.5-RELEASE-p8 FreeBSD 5.5-RELEASE-p8 #3: Sun Nov 12 20:10:52 EST 2006 scheidell at scanner.secnap.net:/usr/obj/usr/src/sys/HACKERTRAP_305 i386
>Description:
.88.6 clamav may have an untar recoursion DOS attack problem.
>How-To-Repeat:
specially crafter tar archive can cause a DOS using clamav .88.6.
>Fix:
update to .88.7, patch included.
diff -bBru distinfo.orig distinfo
--- distinfo.orig Mon Nov 6 06:03:43 2006
+++ distinfo Mon Dec 11 17:17:24 2006
@@ -1,3 +1,3 @@
-MD5 (clamav-0.88.6.tar.gz) = db7f8b947bc21023f36e04bfdd555dd0
-SHA256 (clamav-0.88.6.tar.gz) = cc7f90983aa61b3d893c3311e3f832c5faa204467143cff597ad80bf8ad24daa
-SIZE (clamav-0.88.6.tar.gz) = 8929534
+MD5 (clamav-0.88.7.tar.gz) = 34a9d58cf5bcb04dbe3eb32b5367a3f8
+SHA256 (clamav-0.88.7.tar.gz) = 702cb5928bff3d0e647a4a6b505d434e3a0f10f2af74bddac5239a200b92d1e2
+SIZE (clamav-0.88.7.tar.gz) = 9510548
diff -bBru Makefile.orig Makefile
--- Makefile.orig Mon Nov 6 06:03:43 2006
+++ Makefile Mon Dec 11 17:13:07 2006
@@ -6,7 +6,7 @@
#
PORTNAME= clamav
-PORTVERSION= 0.88.6
+PORTVERSION= 0.88.7
CATEGORIES= security
MASTER_SITES= SF
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list