stable

clamav-1.0.5-1.fc38

FEDORA-2024-c42cf0e576 created by orion 3 months ago for Fedora 38

Update to 1.0.5

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-c42cf0e576

This update has been submitted for testing by orion.

3 months ago

This update's test gating status has been changed to 'ignored'.

3 months ago

This update has been pushed to testing.

3 months ago
kimbisgaard commented & provided feedback 3 months ago

Thanks!

mschwarz commented & provided feedback 3 months ago

The Testcase scenario can not work anymore, so it failed the test technically:

]# cat eicar.com

<title>301 Moved Permanently</title>

Moved Permanently

The document has moved here.

They switched to HTTPS ONLY, BUT FAILED miserably:

# curl -i https://www.eicar.org/download/eicar.com
HTTP/1.1 301 Moved Permanently
Date: Mon, 12 Feb 2024 09:03:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Redirect-By: WordPress
Set-Cookie: __wpdm_client=6e15870152555d8151f85bd818d4c7a8; path=/; secure; HttpOnly
Set-Cookie: PHPSESSID=8e8ufmfd6b5b2pfl0cp4orjlak; path=/
Location: https://www.eicar.org/download/eicar.com/
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
cache-control: public
Content-Length: 0
Content-Type: text/html; charset=UTF-8

And if we follow the Location header, we do not get the eicar file, we get a WordPress website, and another one, until.. we end up here:

curl -O "https://secure.eicar.org/eicar.com"

that works.

clamscan needs around 20 seconds to load the database.. on a not so old server CPU..

EICAR TEST PASSED.
Test Case ClamAV

This update can be pushed to stable now if the maintainer wishes

3 months ago
rdtcustomercare commented & provided feedback 3 months ago

EMERGENCY PUSH TO STABLE!

1 CVE CVE-2024-20328 => RCE
1 CVE CVE-2024-20290 => DOS

This update has been submitted for stable by bodhi.

3 months ago

This update has been pushed to stable.

3 months ago


Metadata
Type: security
Severity: medium
Karma: 3
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 7 days

Dates
submitted: 3 months ago
in testing: 3 months ago
in stable: 3 months ago
approved: 3 months ago

BZ#2263266 TRIAGE CVE-2024-20328 clamav: command injection vulnerability in the "VirusEvent" feature of ClamD service [fedora-all]
0
0
BZ#2263268 TRIAGE CVE-2024-20290 clamav: heap overflow read bug in the OLE2 file parser may lead to DoS [fedora-all]
0
0

Automated Test Results

Test Cases

-1 0 Test Case ClamAV