ClamAV 0.103.8 is a critical patch release with the following fixes:
CVE-2023-20032https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
CVE-2023-20052https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
Please login to add feedback.
0 | 1 | Test Case ClamAV |
This update has been submitted for testing by orion.
This update's test gating status has been changed to 'ignored'.
orion edited this update.
I've installed this update on a number of members in my email cluster and everything did not explode immediately. Mail is getting scanned and as far as I can tell the relevant patches are in place.
This update has been pushed to testing.
This update can be pushed to stable now if the maintainer wishes
It passes my testing. These updates should probably get pushed out ASAP
This update has been submitted for stable by bodhi.
This update has been pushed to stable.