FEDORA-EPEL-2020-765ceaa306 created by orion 3 months ago for Fedora EPEL 8
stable

ClamAV 0.102.3 is a bug patch release to address the following issues.

  • CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ parsing vulnerability.
  • CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. Bug found by OSS-Fuzz.
  • Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents.
  • Fix a couple of minor memory leaks.

  • Add upstream patch to fix "Attempt to allocate 0 bytes" errors while scanning certain PDFs
  • Do not log freshclam output to syslog by default - creates double entries in the journal (bz#1822012)
  • Add try-restart of clamav-freshclam.service on logrotate (bz#1820069)
  • Enable prelude support (bz#1829726)
  • Move /etc/clamd.d/scan.conf to clamav-filesystem
  • Add patch to build with EL7 libcurl - re-enable on-access scanning (bz#1820395)

  • This update has been submitted for testing by orion. (3 months ago)
  • This update's test gating status has been changed to 'waiting'. (3 months ago)
  • This update's test gating status has been changed to 'ignored'. (3 months ago)
  • This update has obsoleted clamav-0.102.2-9.el8, and has inherited its bugs and notes. (3 months ago)
  • This update has been pushed to testing. (3 months ago)
  • orion edited this update. (3 months ago)
  • This update can be pushed to stable now if the maintainer wishes. (3 months ago)
  • This update has been submitted for stable by bodhi. (3 months ago)
  • This update has been pushed to stable. (3 months ago)

Metadata

  • Type: security
  • Severity: medium
  • Karma: 0
  • Signed
  • Content Type: RPM
  • Test Gating

Settings

  • Unstable by Karma: -3
  • Stable by Karma: 3
  • Stable by Time: 14 days

Dates

  • submitted: 3 months ago
  • in testing: 3 months ago
  • in stable: 3 months ago
  • modified: 3 months ago

  • BZ#1820069 freshclam's logrotate settings incorrect because daemon is not restarted/notified
  • BZ#1820395 Clamav OnAccessScanning disabled
  • BZ#1822012 When using the clamav-freshclam.service all log messages are logged twice
  • BZ#1829726 ClamAV: Enable Prelude support
  • BZ#1834910 clamav-0.102.3 is available
  • BZ#1837665 CVE-2020-3327 clamav: heap-based buffer overflow via a crafted ARJ file
  • BZ#1837667 CVE-2020-3327 clamav: heap-based buffer overflow via a crafted ARJ file [epel-all]
  • BZ#1837669 CVE-2020-3341 clamav: stack-based buffer overflow via a crafted PDF file
  • BZ#1837671 CVE-2020-3341 clamav: stack-based buffer overflow via a crafted PDF file [epel-all]

Automated Test Results

Test Cases

  • Test Case ClamAV