Hello community,

here is the log from the commit of package clamav for openSUSE:Factory checked 
in at 2018-02-22 15:01:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/clamav (Old)
 and      /work/SRC/openSUSE:Factory/.clamav.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "clamav"

Thu Feb 22 15:01:15 2018 rev:92 rq:578702 version:0.99.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/clamav/clamav.changes    2018-02-14 
10:52:46.283201713 +0100
+++ /work/SRC/openSUSE:Factory/.clamav.new/clamav.changes       2018-02-22 
15:01:18.744450764 +0100
@@ -1,0 +2,7 @@
+Wed Feb 14 12:21:39 UTC 2018 - m...@suse.com
+
+- bsc#1045490, CVE-2012-6706: VMSF_DELTA filter in libclamunrar
+  allows arbitrary memory write (clamav-CVE-2012-6706.patch).
+- Buildrequire curl-devel to enable clamsubmit.
+
+-------------------------------------------------------------------

New:
----
  clamav-CVE-2012-6706.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ clamav.spec ++++++
--- /var/tmp/diff_new_pack.sm1hcT/_old  2018-02-22 15:01:20.120401264 +0100
+++ /var/tmp/diff_new_pack.sm1hcT/_new  2018-02-22 15:01:20.124401120 +0100
@@ -33,6 +33,7 @@
 BuildRequires:  automake
 BuildRequires:  check-devel
 BuildRequires:  libbz2-devel
+BuildRequires:  libcurl-devel
 BuildRequires:  libopenssl-devel
 BuildRequires:  libtool
 BuildRequires:  libxml2-devel
@@ -62,6 +63,7 @@
 Patch3:         clamav-gcc47.patch
 Patch4:         clamav-disable-timestamps.patch
 Patch5:         clamav-fix_newer_zlib.patch
+Patch6:         clamav-CVE-2012-6706.patch
 BuildRequires:  systemd
 BuildRequires:  systemd-rpm-macros
 %systemd_requires
@@ -102,6 +104,7 @@
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6
 
 %build
 CFLAGS="-fstack-protector"

++++++ clamav-CVE-2012-6706.patch ++++++
--- libclamunrar/unrarvm.c.orig
+++ libclamunrar/unrarvm.c
@@ -26,6 +26,13 @@
 #include "libclamunrar/unrarvm.h"
 #include "libclamunrar/unrarcmd.h"
 
+/*
+ * Limit maximum number of channels in RAR3 delta filter to some
+ * reasonable value to prevent too slow processing of corrupt archives
+ * with invalid channels number.
+ */
+#define MAX3_UNPACK_CHANNELS 1024
+
 #ifdef RAR_HIGH_DEBUG
 #define rar_dbgmsg printf
 #else
@@ -340,8 +347,8 @@ static void filter_itanium_setbits(unsig
 static void execute_standard_filter(rarvm_data_t *rarvm_data, 
rarvm_standard_filters_t filter_type)
 {
        unsigned char *data, cmp_byte2, cur_byte, *src_data, *dest_data;
-       int i, j, data_size, channels, src_pos, dest_pos, border, width, PosR;
-       int op_type, cur_channel, byte_count, start_pos, pa, pb, pc;
+       int i, j, op_type, cur_channel, byte_count, start_pos, pa, pb, pc;
+       unsigned int data_size, channels, src_pos, dest_pos, border, width, 
PosR;
        unsigned int file_offset, cur_pos, predicted;
        int32_t offset, addr;
        const int file_size=0x1000000;
@@ -426,7 +433,7 @@ static void execute_standard_filter(rarv
                border = data_size*2;
                
                SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], 
data_size);
-               if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
+               if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2 || channels > 
MAX3_UNPACK_CHANNELS) {
                        break;
                }
                for (cur_channel=0 ; cur_channel < channels ; cur_channel++) {


Reply via email to