stable

clamav-0.100.2-2.fc29

FEDORA-2018-847fe2ed61 created by sergiomb 6 years ago for Fedora 29

ClamAV 0.100.2 has been released! This is a patch release to address several vulnerabilities.

Fixes for the following ClamAV vulnerabilities:
    CVE-2018-15378:
        Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device.
        Reported by Secunia Research at Flexera.
    Fix for a two-byte buffer over-read bug in ClamAV's PDF parsing code.
        Reported by Alex Gaynor.
    Fixes for the following vulnerabilities in bundled third-party libraries:
    CVE-2018-14680:
        An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
    CVE-2018-14681:
        An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one- or two-byte overwrite.
    CVE-2018-14682:
        An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. Additionally, 0.100.2 reverted 0.100.1's patch for CVE-2018-14679, and applied libmspack's version of the fix in its place

Other changes:
    Some users have reported freshclam signature update failures as a result of a delay between the time the new signature database content is announced and the time that the content-delivery-network has the content available for download. To mitigate these errors, this patch release includes some modifications to freshclam to make it more lenient, and to reduce the time that freshclam will ignore a mirror when it detects an issue.
    On-Access "Extra Scanning," an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, click here.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-847fe2ed61

This update has been submitted for testing by sergiomb.

6 years ago

This update has been pushed to testing.

6 years ago

tibbs edited this update.

6 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

6 years ago

This update has been submitted for batched by sergiomb.

6 years ago

This update has been submitted for stable by bodhi.

6 years ago

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
6 years ago
in testing
6 years ago
in stable
6 years ago
modified
6 years ago
Builds
1
clamav-0.100.2-2.fc29
BZ#1610735 Clamd logrotate example HUP's wrong process name
0
0
BZ#1635922 clamav-0.100.2 is available
0
0
BZ#1636603 CVE-2018-15378 clamav: denial-of-service in MEW unpacking feature
0
0
clamav-0.100.2-2.fc29

Automated Test Results

Test Cases
0 0 Test Case ClamAV

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 8.3.0 on bodhi-web-177-d7c94.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy