Browse code
0.98.6 README, NEWS, and Changelog.
Steven Morgan authored on 2014/12/16 16:24:49Showing 3 changed files
| ... | ... |
@@ -1,3 +1,35 @@ |
| 1 |
+ |
|
| 2 |
+Tue Dec 16 16:21:40 2014 EDT (swebb) |
|
| 3 |
+------------------------------------- |
|
| 4 |
+bb#11215 - Change a variable to be an unsigned int to compensate for |
|
| 5 |
+ compiler optimization issue with crafted petite file. Fix |
|
| 6 |
+ suggested by Sebastian Andrzej Siewior. |
|
| 7 |
+ |
|
| 8 |
+Fri Dec 12 14:33:41 2014 EDT (klin) |
|
| 9 |
+----------------------------------- |
|
| 10 |
+Added missing break statements(FireAmp #12710) to correct handling of |
|
| 11 |
+ prescan callback return code. |
|
| 12 |
+ |
|
| 13 |
+Fri Dec 5 15:26:06 2014 EDT (smorgan) |
|
| 14 |
+------------------------------------- |
|
| 15 |
+bb#11216 - add boundary checks for fuzzed upack file. This issue |
|
| 16 |
+ was reported by Sebastian Andrzej Siewior. CVE-2014-9328. |
|
| 17 |
+ |
|
| 18 |
+Thu Dec 4 18:29:17 2014 EDT (klin) |
|
| 19 |
+----------------------------------- |
|
| 20 |
+bb#11212 - fixed section boundary mismatch in MEW unpacker. This issue |
|
| 21 |
+ was identified by Felix Groebert of the Google Security Team. |
|
| 22 |
+ |
|
| 23 |
+Thu Dec 4 08:43:43 2014 EDT (swebb) |
|
| 24 |
+------------------------------------- |
|
| 25 |
+bb#11213 - Enforce bounds checking before integer overflow in upx files. |
|
| 26 |
+ This issue was reported by Kevin Szkudlapski of Quarkslab. |
|
| 27 |
+ |
|
| 28 |
+Tue Dec 2 15:15:55 2014 EDT (swebb) |
|
| 29 |
+------------------------------------- |
|
| 30 |
+bb#11210: Apply a basic fix for y0da crafted file. This issue was |
|
| 31 |
+ identified by Felix Groebert of the Google Security Team. |
|
| 32 |
+ |
|
| 1 | 33 |
Fri, 21 Nov 2014 15:55:12 EDT (swebb) |
| 2 | 34 |
------------------------------------- |
| 3 | 35 |
bb#11194: Include OpenSSL's headers after the local headers |
| ... | ... |
@@ -7,6 +7,30 @@ ClamAV 0.98.6 is a bug fix release correcting the following: |
| 7 | 7 |
- installation issues on some Mac OS X and FreeBSD platforms. |
| 8 | 8 |
- includes a patch from Sebastian Andrzej Siewior making |
| 9 | 9 |
ClamAV pid files compatible with systemd. |
| 10 |
+ - Fix a heap out of bounds condition with crafted Yoda's |
|
| 11 |
+ crypter files. This issue was discovered by Felix Groebert |
|
| 12 |
+ of the Google Security Team. |
|
| 13 |
+ - Fix a heap out of bounds condition with crafted mew packer |
|
| 14 |
+ files. This issue was discovered by Felix Groebert of the |
|
| 15 |
+ Google Security Team. |
|
| 16 |
+ - Fix a heap out of bounds condition with crafted upx packer |
|
| 17 |
+ files. This issue was discovered by Kevin Szkudlapski of |
|
| 18 |
+ Quarkslab. |
|
| 19 |
+ - Fix a heap out of bounds condition with crafted upack packer |
|
| 20 |
+ files. This issue was discovered by Sebastian Andrzej Siewior. |
|
| 21 |
+ CVE-2014-9328. |
|
| 22 |
+ - Compensate a crash due to incorrect compiler optimization when |
|
| 23 |
+ handling crafted petite packer files. This issue was discovered |
|
| 24 |
+ by Sebastian Andrzej Siewior. |
|
| 25 |
+ |
|
| 26 |
+Thanks to the following ClamAV community members for code submissions |
|
| 27 |
+and bug reporting included in ClamAV 0.98.6: |
|
| 28 |
+ |
|
| 29 |
+Sebastian Andrzej Siewior |
|
| 30 |
+Felix Groebert |
|
| 31 |
+Kevin Szkudlapski |
|
| 32 |
+Mark Pizzolato |
|
| 33 |
+Daniel J. Luke |
|
| 10 | 34 |
|
| 11 | 35 |
-- |
| 12 | 36 |
The ClamAV team (http://www.clamav.net/about.html#credits) |
| ... | ... |
@@ -7,11 +7,34 @@ here may not be available in binary packages. |
| 7 | 7 |
|
| 8 | 8 |
ClamAV 0.98.6 is a bug fix release correcting the following: |
| 9 | 9 |
|
| 10 |
- - library shared object revisions. |
|
| 11 |
- - installation issues on some Mac OS X and FreeBSD platforms. |
|
| 12 |
- - includes a patch from Sebastian Andrzej Siewior making |
|
| 13 |
- ClamAV pid files compatible with systemd. |
|
| 10 |
+ - library shared object revisions. |
|
| 11 |
+ - installation issues on some Mac OS X and FreeBSD platforms. |
|
| 12 |
+ - includes a patch from Sebastian Andrzej Siewior making |
|
| 13 |
+ ClamAV pid files compatible with systemd. |
|
| 14 |
+ - Fix a heap out of bounds condition with crafted Yoda's |
|
| 15 |
+ crypter files. This issue was discovered by Felix Groebert |
|
| 16 |
+ of the Google Security Team. |
|
| 17 |
+ - Fix a heap out of bounds condition with crafted mew packer |
|
| 18 |
+ files. This issue was discovered by Felix Groebert of the |
|
| 19 |
+ Google Security Team. |
|
| 20 |
+ - Fix a heap out of bounds condition with crafted upx packer |
|
| 21 |
+ files. This issue was discovered by Kevin Szkudlapski of |
|
| 22 |
+ Quarkslab. |
|
| 23 |
+ - Fix a heap out of bounds condition with crafted upack packer |
|
| 24 |
+ files. This issue was discovered by Sebastian Andrzej Siewior. |
|
| 25 |
+ CVE-2014-9328. |
|
| 26 |
+ - Compensate a crash due to incorrect compiler optimization when |
|
| 27 |
+ handling crafted petite packer files. This issue was discovered |
|
| 28 |
+ by Sebastian Andrzej Siewior. |
|
| 29 |
+ |
|
| 30 |
+Thanks to the following ClamAV community members for code submissions |
|
| 31 |
+and bug reporting included in ClamAV 0.98.6: |
|
| 14 | 32 |
|
| 33 |
+Sebastian Andrzej Siewior |
|
| 34 |
+Felix Groebert |
|
| 35 |
+Kevin Szkudlapski |
|
| 36 |
+Mark Pizzolato |
|
| 37 |
+Daniel J. Luke |
|
| 15 | 38 |
|
| 16 | 39 |
0.98.5 |
| 17 | 40 |
------ |