stable

clamav-0.102.3-1.fc31

FEDORA-2020-b0acd7b66e created by orion 5 years ago for Fedora 31

ClamAV 0.102.3 is a bug patch release to address the following issues.

  • CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ parsing vulnerability.
  • CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. Bug found by OSS-Fuzz.
  • Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents.
  • Fix a couple of minor memory leaks.
  • Add upstream patch to fix "Attempt to allocate 0 bytes" errors while scanning certain PDFs
  • Do not log freshclam output to syslog by default - creates double entries in the journal (bz#1822012)
  • (#1820069) add try-restart clamav-freshclam.service on logrotate
  • Enable prelude support (bz#1829726)
  • Move /etc/clamd.d/scan.conf to clamav-filesystem

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2020-b0acd7b66e

This update has been submitted for testing by orion.

5 years ago

This update's test gating status has been changed to 'waiting'.

5 years ago

This update's test gating status has been changed to 'ignored'.

5 years ago

This update has obsoleted clamav-0.102.2-9.fc31, and has inherited its bugs and notes.

5 years ago

This update has been pushed to testing.

5 years ago
User Icon kimbisgaard commented & provided feedback 5 years ago
karma

Thanks!

BZ#1834910 clamav-0.102.3 is available

orion edited this update.

5 years ago

This update can be pushed to stable now if the maintainer wishes

5 years ago

This update has been submitted for stable by bodhi.

5 years ago

This update has been pushed to stable.

5 years ago

Please log in to add feedback.

Metadata
Type
security
Severity
medium
Karma
1
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
5 years ago
in testing
5 years ago
in stable
5 years ago
modified
5 years ago
Builds
1
clamav-0.102.3-1.fc31
BZ#1820069 freshclam's logrotate settings incorrect because daemon is not restarted/nofitifed
0
0
BZ#1822012 When using the clamav-freshclam.service all log messages are logged twice
0
0
BZ#1829726 ClamAV: Enable Prelude support
0
0
BZ#1834910 clamav-0.102.3 is available
0
1
BZ#1837665 CVE-2020-3327 clamav: heap-based buffer overflow via a crafted ARJ file
0
0
BZ#1837666 CVE-2020-3327 clamav: heap-based buffer overflow via a crafted ARJ file [fedora-all]
0
0
BZ#1837669 CVE-2020-3341 clamav: stack-based buffer overflow via a crafted PDF file
0
0
BZ#1837672 CVE-2020-3341 clamav: stack-based buffer overflow via a crafted PDF file [fedora-all]
0
0
clamav-0.102.3-1.fc31

Automated Test Results

Test Cases
0 0 Test Case ClamAV

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 25.5.1 on bodhi-web-181-phpnd.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy