ClamAV 0.101.5 is a security patch release that addresses the following issues.
CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation.
Added the zip scanning improvements found in v0.102.0: files are scanned using zip records from a sorted catalogue, which deduplicates file records. This results in faster extraction and scan times and reduces the likelihood of alerting on non-malicious duplicate file entries as overlapping files.
Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu.
Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library.
Null-dereference fix in email parser when using the --gen-json metadata option.
Add TimeoutStartSec=420 to clamd@.service to match upstream
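The zip scanning change above can be illustrated with a short sketch. This is an added example, not ClamAV's code: it reads the central directory, sorts records by local header offset, drops repeated records, and flags only entries whose bytes really overlap. The function names and the sample archive are constructed for illustration.

```python
import io, struct, zipfile

CD_SIG, EOCD_SIG = b"PK\x01\x02", b"PK\x05\x06"

def central_records(data):
    """Parse (local_header_offset, compressed_size, name) from the central directory."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    total, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    recs = []
    for _ in range(total):
        if data[pos:pos + 4] != CD_SIG:
            raise ValueError("bad central directory record")
        csize, = struct.unpack_from("<I", data, pos + 20)
        nlen, xlen, clen = struct.unpack_from("<HHH", data, pos + 28)
        off, = struct.unpack_from("<I", data, pos + 42)
        recs.append((off, csize, data[pos + 46:pos + 46 + nlen].decode("cp437")))
        pos += 46 + nlen + xlen + clen
    return recs

def plan_scan(data, dedupe=True):
    """Walk records in offset order; return (names to scan, names that overlap)."""
    recs = central_records(data)
    todo, overlaps, prev_end = [], [], 0
    for off, csize, name in sorted(set(recs) if dedupe else recs):
        nlen, xlen = struct.unpack_from("<HH", data, off + 26)  # local header lengths
        if off < prev_end:
            overlaps.append(name)   # starts inside bytes claimed by an earlier entry
        else:
            todo.append(name)
        prev_end = max(prev_end, off + 30 + nlen + xlen + csize)
    return todo, overlaps

def sample(dup=False, stretch=False):
    """Constructed archive: two stored files, optionally with an edited directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("a.txt", "A" * 20)
        z.writestr("b.txt", "B" * 20)
    data = buf.getvalue()
    eocd = data.rfind(EOCD_SIG)
    cd_off, = struct.unpack_from("<I", data, eocd + 16)
    cd, n = bytearray(data[cd_off:eocd]), 2
    if stretch:   # a.txt claims 100 compressed bytes, running into b.txt
        struct.pack_into("<I", cd, 20, 100)
    if dup:       # repeat the a.txt record verbatim (46-byte header + 5-byte name)
        cd, n = cd + cd[:51], 3
    tail = struct.pack("<4sHHHHIIH", EOCD_SIG, 0, 0, n, n, len(cd), cd_off, 0)
    return data[:cd_off] + bytes(cd) + tail
```

With `dedupe=False`, the repeated `a.txt` record in `sample(dup=True)` is reported as an overlap even though the archive holds no overlapping data, which is the false alert that deduplication avoids.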
This update has been submitted for testing by orion.
This update's test gating status has been changed to 'waiting'.
This update has obsoleted clamav-0.101.4-2.fc29, and has inherited its bugs and notes.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
This update is marked obsolete because the F29 release is archived.