FEDORA-EPEL-2019-9c8cf7e4be created by robert 7 months ago for Fedora EPEL 6
stable

ClamAV 0.100.3

ClamAV 0.100.3 is a patch release to address a few security-related bugs.

This patch release is being released alongside the 0.101.2 patch so that users who are unable to upgrade to 0.101 due to libclamav API changes are protected.

The bug fixes in this release are limited to security-related bugs only. Users are encouraged to upgrade to 0.101.2 for additional improvements.

Fixes for the following vulnerabilities:

  • CVE-2019-1787: An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data.
  • CVE-2019-1789: An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack, as a result of inadequate bounds checking.
  • CVE-2019-1788: An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32-bit integer to zero. This is likely to crash the application.

Thank you to the Google OSS-Fuzz project for identifying and reporting the bugs patched in this release.

This update has been submitted for testing by robert. 7 months ago
robert edited this update. 7 months ago
This update has been pushed to testing. 7 months ago
sergiomb edited this update. 7 months ago
kwizart provided feedback 7 months ago
This update has been submitted for batched by bodhi. 7 months ago
This update has been submitted for stable by bodhi. 7 months ago
This update has been pushed to stable. 7 months ago

Metadata
Type: security
Severity: high
Karma: 1
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 1

Dates
submitted: 7 months ago
in testing: 7 months ago
in stable: 7 months ago
modified: 7 months ago

BZ#1694098 Update clamav to current version
BZ#1696106 CVE-2019-1787 clamav: out-of-bounds heap read when scanning PDF documents
BZ#1696110 CVE-2019-1789 clamav: out-of-bounds heap read when scanning PE files
BZ#1696116 CVE-2019-1788 clamav: out-of-bounds heap write when scanning OLE2 files
BZ#1696146 CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 clamav: various flaws [epel-all]
BZ#1696391 push 0.101.2 to stable now.. to fix RCE vulnerability in < 0.101.2

Test Cases

Test Case ClamAV