ClamAV 0.103.8 is a critical patch release with the following fixes:
CVE-2023-20032https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
CVE-2023-20052https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2023-d686b8d48f
Please login to add feedback.
0 | 0 | Test Case ClamAV |
This update has been submitted for testing by orion.
This update's test gating status has been changed to 'ignored'.
Thanks!
orion edited this update.
This update has been pushed to testing.
This update can be pushed to stable now if the maintainer wishes
Works great! LGTM! =)
This update has been submitted for stable by bodhi.
This update has been pushed to stable.