ClamAV 0.103.8 is a critical patch release with the following fixes:
CVE-2023-20032https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
CVE-2023-20052https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2023-3ba365d538
Please login to add feedback.
0 | 3 | Test Case ClamAV |
This update has been submitted for testing by orion.
This update's test gating status has been changed to 'ignored'.
This update has obsoleted clamav-0.103.8-1.fc36, and has inherited its bugs and notes.
Tested. No errors now from the bundled daily.cvd
works for me
for me too
This update has been submitted for stable by bodhi.
This update has been pushed to stable.