On Mon, Nov 13, 2017 at 02:44:14PM +0000, Sérgio Basto wrote:
> On Mon, 2017-11-13 at 14:25 +0000, Richard W.M. Jones wrote:
> > (Thanks to Patrick for bringing this issue to my attention.)
> >
> > American Fuzzy Lop ("afl", Fedora package american-fuzzy-lop) is an
> > instrumentation-driven fuzzer for binary formats. ClamAV is a
> > (Windows?) virus scanner.
> >
> > Afl's documentation comes with some demonstration vulerabilities
> > found
> > by afl. These are shipped in the source tarball and SRPM and also
> > installed as a %doc section in the binary
> > (/usr/share/doc/american-fuzzy-lop/vuln_samples/).
> >
> > Unfortunately some of these samples trigger ClamAV
> > "Win.Exploit.CVE_2015_0076-1 FOUND".
> >
> > In this particular case it appears to be one or more of these files:
> >
> > jxrlib-crash2.jxr
> > jxrlib-crash3.jxr
> > jxrlib-crash4.jxr
> > jxrlib-crash.jxr
> > msie-jxr-mem-leak.jxr
> >
> > which contain a badly formatted JPEG XR file that triggered a mild
> > CVE
> > in Windows:
> >
> > https://technet.microsoft.com/en-us/library/security/ms15-029.aspx
> >
> > (so this is not a false positive or over-active virus scanner).
> >
> > I'm inclined to ignore this and point people to this posting if there
> > are any bugs filed. But maybe there is some Fedora policy which
> > applies here?
>
> I'm the clamav packager maintainer is anything related with this 2
> CVE(s) [1] ?
No I don't think so. It's not an exploit in ClamAV, it's an exploit
in Windows that ClamAV is identifying (correctly).
Rich.
> I was waiting for a new stable release .
>
> Thanks,
>
> [1]
> https://bugzilla.redhat.com/show_bug.cgi?id=1483911
> https://bugzilla.redhat.com/show_bug.cgi?id=1472778
>
> > Rich.
> >
> > --
> > Richard Jones, Virtualization Group, Red Hat http://people.redhat.com
> > /~rjones
> > Read my programming and virtualization blog: http://rwmj.wordpress.co
> > m
> > virt-df lists disk usage of guests without needing to install any
> > software inside the virtual machine. Supports Linux and Windows.
> > http://people.redhat.com/~rjones/virt-df/
> > _______________________________________________
> > devel mailing list -- [email protected]
> > To unsubscribe send an email to [email protected]
> --
> Sérgio M. B.
> _______________________________________________
> devel mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
