FEDORA-2024-e8f7a74693 — security update for clamav

stable

clamav-1.0.7-1.fc40

FEDORA-2024-e8f7a74693 created by orion 6 months ago for Fedora 40

Update to 1.0.7

CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files.
CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-e8f7a74693

This update has been submitted for testing by orion.

6 months ago

This update's test gating status has been changed to 'ignored'.

6 months ago

orion edited this update.

6 months ago

This update has been pushed to testing.

6 months ago

bojan commented & provided feedback 6 months ago

karma

Works.

This update has been submitted for stable by bodhi.

6 months ago

This update has been pushed to stable.

6 months ago

Please login to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

6 months ago

in testing

6 months ago

in stable

6 months ago

modified

6 months ago

approved

6 months ago

Builds

clamav-1.0.7-1.fc40

BZ#2310067 CVE-2024-20506 clamav: ClamD process writes to log file while privileged without checking if its been replaced with a symlink [fedora-40]

BZ#2310073 CVE-2024-20505 clamav: out-of-bounds read bug in the PDF file parser [fedora-40]

clamav-1.0.7-1.fc40

Automated Test Results

ignored

Test Cases


0	0	Test Case ClamAV