ClamAV 0.102.3 is a bug patch release to address the following issues.
CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash.
Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ parsing vulnerability.
CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. Bug found by OSS-Fuzz.
Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents.
Fix a couple of minor memory leaks.
Add upstream patch to fix "Attempt to allocate 0 bytes" errors while scanning
Do not log freshclam output to syslog by default - creates double entries
in the journal (bz#1822012)
(#1820069) add try-restart clamav-freshclam.service on logrotate
Enable prelude support (bz#1829726)
Move /etc/clamd.d/scan.conf to clamav-filesystem
Add patch to build with EL7 libcurl - re-enable on-access scanning