stable

clamav-0.102.3-1.fc30

FEDORA-2020-d98d2cbae1 created by orion 4 years ago for Fedora 30

ClamAV 0.102.3 is a bug patch release to address the following issues.

  • CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ parsing vulnerability.
  • CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. Bug found by OSS-Fuzz.
  • Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents.
  • Fix a couple of minor memory leaks.

  • Add upstream patch to fix "Attempt to allocate 0 bytes" errors while scanning certain PDFs
  • Do not log freshclam output to syslog by default - creates double entries in the journal (bz#1822012)
  • (#1820069) add try-restart clamav-freshclam.service on logrotate
  • Enable prelude support (bz#1829726)
  • Move /etc/clamd.d/scan.conf to clamav-filesystem

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2020-d98d2cbae1

This update has been submitted for testing by orion.

4 years ago

This update's test gating status has been changed to 'waiting'.

4 years ago

This update's test gating status has been changed to 'ignored'.

4 years ago

This update has obsoleted clamav-0.102.2-9.fc30, and has inherited its bugs and notes.

4 years ago
rdtcustomercare commented & provided feedback 4 years ago

ClamAV FC30 tested. Works as expected.

BZ#1834910 clamav-0.102.3 is available

This update has been pushed to testing.

4 years ago

orion edited this update.

4 years ago

This update can be pushed to stable now if the maintainer wishes

4 years ago

This update has been submitted for stable by bodhi.

4 years ago

This update has been pushed to stable.

4 years ago

Metadata
Type: security
Severity: medium
Karma: 1
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 7 days
Dates
submitted: 4 years ago
in testing: 4 years ago
in stable: 4 years ago
modified: 4 years ago
BZ#1820069 freshclam's logrotate settings incorrect because daemon is not restarted/nofitifed
0
0
BZ#1822012 When using the clamav-freshclam.service all log messages are logged twice
0
0
BZ#1829726 ClamAV: Enable Prelude support
0
0
BZ#1834910 clamav-0.102.3 is available
0
1
BZ#1837665 CVE-2020-3327 clamav: heap-based buffer overflow via a crafted ARJ file
0
0
BZ#1837666 CVE-2020-3327 clamav: heap-based buffer overflow via a crafted ARJ file [fedora-all]
0
0
BZ#1837669 CVE-2020-3341 clamav: stack-based buffer overflow via a crafted PDF file
0
0
BZ#1837672 CVE-2020-3341 clamav: stack-based buffer overflow via a crafted PDF file [fedora-all]
0
0

Automated Test Results

Test Cases

0 0 Test Case ClamAV