diff --git a/clamav-CVE-2012-6706.patch b/clamav-CVE-2012-6706.patch
new file mode 100644
index 0000000..2d2deff
--- /dev/null
+++ b/clamav-CVE-2012-6706.patch
@@ -0,0 +1,36 @@
+--- libclamunrar/unrarvm.c.orig
++++ libclamunrar/unrarvm.c
+@@ -26,6 +26,13 @@
+ #include "libclamunrar/unrarvm.h"
+ #include "libclamunrar/unrarcmd.h"
+
++/*
++ * Limit maximum number of channels in RAR3 delta filter to some
++ * reasonable value to prevent too slow processing of corrupt archives
++ * with invalid channels number.
++ */
++#define MAX3_UNPACK_CHANNELS 1024
++
+ #ifdef RAR_HIGH_DEBUG
+ #define rar_dbgmsg printf
+ #else
+@@ -340,8 +347,8 @@ static void filter_itanium_setbits(unsig
+ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_filters_t filter_type)
+ {
+ unsigned char *data, cmp_byte2, cur_byte, *src_data, *dest_data;
+- int i, j, data_size, channels, src_pos, dest_pos, border, width, PosR;
+- int op_type, cur_channel, byte_count, start_pos, pa, pb, pc;
++ int i, j, op_type, cur_channel, byte_count, start_pos, pa, pb, pc;
++ unsigned int data_size, channels, src_pos, dest_pos, border, width, PosR;
+ unsigned int file_offset, cur_pos, predicted;
+ int32_t offset, addr;
+ const int file_size=0x1000000;
+@@ -426,7 +433,7 @@ static void execute_standard_filter(rarv
+ border = data_size*2;
+
+ SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size);
+- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
++ if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2 || channels > MAX3_UNPACK_CHANNELS) {
+ break;
+ }
+ for (cur_channel=0 ; cur_channel < channels ; cur_channel++) {
diff --git a/clamav.changes b/clamav.changes
index 535d09d..0b55fd4 100644
--- a/clamav.changes
+++ b/clamav.changes
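Review bot: In clamav-CVE-2012-6706.patch, the declaration change in the second inner hunk retypes `data_size`, `channels`, `src_pos`, `dest_pos`, `border`, `width` and `PosR` to `unsigned int` for the whole of `execute_standard_filter`, yet the only guard visibly updated is the one in the third inner hunk. The other filter cases that use these variables lie outside the hunks, so any place where they are compared with the still-signed `i`, `j` or `cur_channel`, subtracted from one another, or tested with `< 0` now evaluates in unsigned arithmetic and should be re-read; building with `-Wsign-compare -Wtype-limits` would list them. In the updated guard the cast is now redundant and the line could read `if (data_size >= VM_GLOBALMEMADDR/2 || channels > MAX3_UNPACK_CHANNELS) {`. The comment above `MAX3_UNPACK_CHANNELS` speaks only of slow processing, while the changelog ties this patch to a memory write, so I would add a line such as `* Part of the CVE-2012-6706 fix together with the unsigned types in execute_standard_filter().` to keep a later cleanup from relaxing the limit.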
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Feb 14 12:21:39 UTC 2018 - max@suse.com
+
+- bsc#1045490, CVE-2012-6706: VMSF_DELTA filter in libclamunrar
+ allows arbitrary memory write (clamav-CVE-2012-6706.patch).
+- Buildrequire curl-devel to enable clamsubmit.
+
 -------------------------------------------------------------------
 Tue Feb 13 08:50:55 UTC 2018 - varkoly@suse.com
diff --git a/clamav.spec b/clamav.spec
index 30ff650..457bab5 100644
--- a/clamav.spec
+++ b/clamav.spec
@@ -33,6 +33,7 @@ BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: check-devel
 BuildRequires: libbz2-devel
+BuildRequires: libcurl-devel
 BuildRequires: libopenssl-devel
 BuildRequires: libtool
 BuildRequires: libxml2-devel
@@ -62,6 +63,7 @@ Patch1: clamav-conf.patch
 Patch3: clamav-gcc47.patch
 Patch4: clamav-disable-timestamps.patch
 Patch5: clamav-fix_newer_zlib.patch
+Patch6: clamav-CVE-2012-6706.patch
 BuildRequires: systemd
 BuildRequires: systemd-rpm-macros
 %systemd_requires
@@ -102,6 +104,7 @@ that want to make use of libclamav.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6
 %build
 CFLAGS="-fstack-protector"