FEDORA-2020-bca44487a1 created by orion 5 months ago for Fedora 32
stable

ClamAV 0.102.3 is a bug patch release to address the following issues.

  • CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ parsing vulnerability.
  • CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. Bug found by OSS-Fuzz.
  • Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents.
  • Fix a couple of minor memory leaks.

  • Add upstream patch to fix "Attempt to allocate 0 bytes" errors while scanning certain PDFs
  • Do not log freshclam output to syslog by default - creates double entries in the journal (bz#1822012)
  • (#1820069) add try-restart clamav-freshclam.service on logrotate
  • Enable prelude support (bz#1829726)
  • Move /etc/clamd.d/scan.conf to clamav-filesystem

How to install

sudo dnf upgrade --advisory=FEDORA-2020-bca44487a1

This update has been submitted for testing by orion.

5 months ago

This update's test gating status has been changed to 'waiting'.

5 months ago

This update's test gating status has been changed to 'ignored'.

5 months ago

This update has obsoleted clamav-0.102.2-9.fc32, and has inherited its bugs and notes.

5 months ago

This update has been pushed to testing.

5 months ago
bojan commented & provided feedback 5 months ago

Works.

orion edited this update.

5 months ago

This update can be pushed to stable now if the maintainer wishes

5 months ago

This update has been submitted for stable by bodhi.

5 months ago

This update has been pushed to stable.

5 months ago


Metadata
Type: security
Severity: medium
Karma: 1
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 7 days

Dates
submitted: 5 months ago
in testing: 5 months ago
in stable: 5 months ago
modified: 5 months ago

BZ#1820069 freshclam's logrotate settings incorrect because daemon is not restarted/notified
BZ#1822012 When using the clamav-freshclam.service all log messages are logged twice
BZ#1829726 ClamAV: Enable Prelude support
BZ#1834910 clamav-0.102.3 is available
BZ#1837665 CVE-2020-3327 clamav: heap-based buffer overflow via a crafted ARJ file
BZ#1837666 CVE-2020-3327 clamav: heap-based buffer overflow via a crafted ARJ file [fedora-all]
BZ#1837669 CVE-2020-3341 clamav: stack-based buffer overflow via a crafted PDF file
BZ#1837672 CVE-2020-3341 clamav: stack-based buffer overflow via a crafted PDF file [fedora-all]

Automated Test Results

Test Cases

Test Case ClamAV