FEDORA-EPEL-2020-235a51a239 created by orion 11 months ago for Fedora EPEL 7
stable

ClamAV 0.102.3 is a bug patch release to address the following issues.

  • CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ parsing vulnerability.
  • CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. Bug found by OSS-Fuzz.
  • Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents.
  • Fix a couple of minor memory leaks.

  • Add upstream patch to fix "Attempt to allocate 0 bytes" errors while scanning certain PDFs
  • Do not log freshclam output to syslog by default, as it creates double entries in the journal (bz#1822012)
  • Add try-restart of clamav-freshclam.service on logrotate (bz#1820069)
  • Enable prelude support (bz#1829726)
  • Move /etc/clamd.d/scan.conf to clamav-filesystem
  • Add patch to build with EL7 libcurl - re-enable on-access scanning (bz#1820395)

This update has been submitted for testing by orion.

11 months ago

This update's test gating status has been changed to 'waiting'.

11 months ago

This update's test gating status has been changed to 'ignored'.

11 months ago

This update has obsoleted clamav-0.102.2-9.el7, and has inherited its bugs and notes.

11 months ago

This update has been pushed to testing.

11 months ago

orion edited this update.

11 months ago

This update can be pushed to stable now if the maintainer wishes.

11 months ago

This update has been submitted for stable by bodhi.

11 months ago

This update has been pushed to stable.

11 months ago

Metadata
  Type: security
  Severity: medium
  Karma: 0
  Signed
  Content Type: RPM
  Test Gating
Settings
  Unstable by Karma: -3
  Stable by Karma: 3
  Stable by Time: 14 days
Dates
  submitted: 11 months ago
  in testing: 11 months ago
  in stable: 11 months ago
  modified: 11 months ago

  • BZ#1820069 freshclam's logrotate settings incorrect because daemon is not restarted/notified
  • BZ#1820395 Clamav OnAccessScanning disabled
  • BZ#1822012 When using the clamav-freshclam.service all log messages are logged twice
  • BZ#1829726 ClamAV: Enable Prelude support
  • BZ#1834910 clamav-0.102.3 is available
  • BZ#1837665 CVE-2020-3327 clamav: heap-based buffer overflow via a crafted ARJ file
  • BZ#1837667 CVE-2020-3327 clamav: heap-based buffer overflow via a crafted ARJ file [epel-all]
  • BZ#1837669 CVE-2020-3341 clamav: stack-based buffer overflow via a crafted PDF file
  • BZ#1837671 CVE-2020-3341 clamav: stack-based buffer overflow via a crafted PDF file [epel-all]

Test Cases

Test Case ClamAV