... | ... |
@@ -1,3 +1,35 @@ |
1 |
+ |
|
2 |
+Tue Dec 16 16:21:40 2014 EDT (swebb) |
|
3 |
+------------------------------------- |
|
4 |
+bb#11215 - Change a variable to be an unsigned int to compensate for |
|
5 |
+ compiler optimization issue with crafted petite file. Fix |
|
6 |
+ suggested by Sebastian Andrzej Siewior. |
|
7 |
+ |
|
8 |
+Fri Dec 12 14:33:41 2014 EDT (klin) |
|
9 |
+----------------------------------- |
|
10 |
+Added missing break statements(FireAmp #12710) to correct handling of |
|
11 |
+ prescan callback return code. |
|
12 |
+ |
|
13 |
+Fri Dec 5 15:26:06 2014 EDT (smorgan) |
|
14 |
+------------------------------------- |
|
15 |
+bb#11216 - add boundary checks for fuzzed upack file. This issue |
|
16 |
+ was reported by Sebastian Andrzej Siewior. CVE-2014-9328. |
|
17 |
+ |
|
18 |
+Thu Dec 4 18:29:17 2014 EDT (klin) |
|
19 |
+----------------------------------- |
|
20 |
+bb#11212 - fixed section boundary mismatch in MEW unpacker. This issue |
|
21 |
+ was identified by Felix Groebert of the Google Security Team. |
|
22 |
+ |
|
23 |
+Thu Dec 4 08:43:43 2014 EDT (swebb) |
|
24 |
+------------------------------------- |
|
25 |
+bb#11213 - Enforce bounds checking before integer overflow in upx files. |
|
26 |
+ This issue was reported by Kevin Szkudlapski of Quarkslab. |
|
27 |
+ |
|
28 |
+Tue Dec 2 15:15:55 2014 EDT (swebb) |
|
29 |
+------------------------------------- |
|
30 |
+bb#11210: Apply a basic fix for y0da crafted file. This issue was |
|
31 |
+ identified by Felix Groebert of the Google Security Team. |
|
32 |
+ |
|
1 | 33 |
Fri, 21 Nov 2014 15:55:12 EDT (swebb) |
2 | 34 |
------------------------------------- |
3 | 35 |
bb#11194: Include OpenSSL's headers after the local headers |
... | ... |
@@ -7,6 +7,30 @@ ClamAV 0.98.6 is a bug fix release correcting the following: |
7 | 7 |
- installation issues on some Mac OS X and FreeBSD platforms. |
8 | 8 |
- includes a patch from Sebastian Andrzej Siewior making |
9 | 9 |
ClamAV pid files compatible with systemd. |
10 |
+ - Fix a heap out of bounds condition with crafted Yoda's |
|
11 |
+ crypter files. This issue was discovered by Felix Groebert |
|
12 |
+ of the Google Security Team. |
|
13 |
+ - Fix a heap out of bounds condition with crafted mew packer |
|
14 |
+ files. This issue was discovered by Felix Groebert of the |
|
15 |
+ Google Security Team. |
|
16 |
+ - Fix a heap out of bounds condition with crafted upx packer |
|
17 |
+ files. This issue was discovered by Kevin Szkudlapski of |
|
18 |
+ Quarkslab. |
|
19 |
+ - Fix a heap out of bounds condition with crafted upack packer |
|
20 |
+ files. This issue was discovered by Sebastian Andrzej Siewior. |
|
21 |
+ CVE-2014-9328. |
|
22 |
+ - Compensate a crash due to incorrect compiler optimization when |
|
23 |
+ handling crafted petite packer files. This issue was discovered |
|
24 |
+ by Sebastian Andrzej Siewior. |
|
25 |
+ |
|
26 |
+Thanks to the following ClamAV community members for code submissions |
|
27 |
+and bug reporting included in ClamAV 0.98.6: |
|
28 |
+ |
|
29 |
+Sebastian Andrzej Siewior |
|
30 |
+Felix Groebert |
|
31 |
+Kevin Szkudlapski |
|
32 |
+Mark Pizzolato |
|
33 |
+Daniel J. Luke |
|
10 | 34 |
|
11 | 35 |
-- |
12 | 36 |
The ClamAV team (http://www.clamav.net/about.html#credits) |
... | ... |
@@ -7,11 +7,34 @@ here may not be available in binary packages. |
7 | 7 |
|
8 | 8 |
ClamAV 0.98.6 is a bug fix release correcting the following: |
9 | 9 |
|
10 |
- - library shared object revisions. |
|
11 |
- - installation issues on some Mac OS X and FreeBSD platforms. |
|
12 |
- - includes a patch from Sebastian Andrzej Siewior making |
|
13 |
- ClamAV pid files compatible with systemd. |
|
10 |
+ - library shared object revisions. |
|
11 |
+ - installation issues on some Mac OS X and FreeBSD platforms. |
|
12 |
+ - includes a patch from Sebastian Andrzej Siewior making |
|
13 |
+ ClamAV pid files compatible with systemd. |
|
14 |
+ - Fix a heap out of bounds condition with crafted Yoda's |
|
15 |
+ crypter files. This issue was discovered by Felix Groebert |
|
16 |
+ of the Google Security Team. |
|
17 |
+ - Fix a heap out of bounds condition with crafted mew packer |
|
18 |
+ files. This issue was discovered by Felix Groebert of the |
|
19 |
+ Google Security Team. |
|
20 |
+ - Fix a heap out of bounds condition with crafted upx packer |
|
21 |
+ files. This issue was discovered by Kevin Szkudlapski of |
|
22 |
+ Quarkslab. |
|
23 |
+ - Fix a heap out of bounds condition with crafted upack packer |
|
24 |
+ files. This issue was discovered by Sebastian Andrzej Siewior. |
|
25 |
+ CVE-2014-9328. |
|
26 |
+ - Compensate a crash due to incorrect compiler optimization when |
|
27 |
+ handling crafted petite packer files. This issue was discovered |
|
28 |
+ by Sebastian Andrzej Siewior. |
|
29 |
+ |
|
30 |
+Thanks to the following ClamAV community members for code submissions |
|
31 |
+and bug reporting included in ClamAV 0.98.6: |
|
14 | 32 |
|
33 |
+Sebastian Andrzej Siewior |
|
34 |
+Felix Groebert |
|
35 |
+Kevin Szkudlapski |
|
36 |
+Mark Pizzolato |
|
37 |
+Daniel J. Luke |
|
15 | 38 |
|
16 | 39 |
0.98.5 |
17 | 40 |
------ |