Upstream has released version 0.101.5 on November 20: https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html
Source RPM: (none) => clamav-0.101.4-1.2.mga7Assignee: bugsquad => nicolas.salgueroCVE: (none) => CVE-2019-15961
Whiteboard: (none) => MGA7TOO
Suggested advisory: ======================== The updated packages fix a problem in the configuration of clamav-daemon.socket that leads to freshclam and amavis complaining about not being able to access clamd socket and also fix a security vulnerability: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. (CVE-2019-15961) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15961 https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html https://bugs.mageia.org/show_bug.cgi?id=25096 ======================== Updated packages in core/updates_testing: ======================== clamav-0.101.5-1.mga7 clamd-0.101.5-1.mga7 clamav-milter-0.101.5-1.mga7 clamav-db-0.101.5-1.mga7 lib(64)clamav9-0.101.5-1.mga7 lib(64)clamav-devel-0.101.5-1.mga7 from SRPMS: clamav-0.101.5-1.mga7.src.rpm
Status: NEW => ASSIGNEDVersion: Cauldron => 7Assignee: nicolas.salguero => qa-bugsWhiteboard: MGA7TOO => (none)
The following 7 packages are going to be installed: - clamav-0.101.5-1.mga7.x86_64 - clamav-db-0.101.5-1.mga7.noarch - clamav-milter-0.101.5-1.mga7.x86_64 - clamd-0.101.5-1.mga7.x86_64 - lib64clamav9-0.101.5-1.mga7.x86_64 - lib64milter1.0-8.15.2-7.mga7.x86_64 - lib64mspack0-0.10.1-0.alpha.1.mga7.x86_64 ----- ran #freshclam it performed updates # clamscan -vr ----------- SCAN SUMMARY ----------- Known viruses: 6565044 Engine version: 0.101.5 Scanned directories: 6 Scanned files: 42 Infected files: 0 Data scanned: 77.80 MB Data read: 2293.21 MB (ratio 0.03:1) Time: 42.517 sec (0 m 42 s) [root@linux sf_vmshared]#
CC: (none) => brtians1Whiteboard: (none) => MGA7-64-OK
There are still some packaging issues (in the spec file, the systemd units have a bad name, for instance)
Assignee: qa-bugs => nicolas.salgueroWhiteboard: MGA7-64-OK => (none)
Suggested advisory: ======================== The updated packages fix two packaging problems and a security vulnerability: The first packaging issue, in the configuration of clamav-daemon.socket, leads to freshclam and amavis complaining about not being able to access clamd socket. The second packaging issue, in the names of systemd services, leads to warnigs at the installation/update of clamav and clamd. A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. (CVE-2019-15961) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15961 https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html https://bugs.mageia.org/show_bug.cgi?id=25096 ======================== Updated packages in core/updates_testing: ======================== clamav-0.101.5-1.1.mga7 clamd-0.101.5-1.1.mga7 clamav-milter-0.101.5-1.1.mga7 clamav-db-0.101.5-1.1.mga7 lib(64)clamav9-0.101.5-1.1.mga7 lib(64)clamav-devel-0.101.5-1.1.mga7 from SRPMS: clamav-0.101.5-1.1.mga7.src.rpm
Assignee: nicolas.salguero => qa-bugs
Installed current clamav, clamav-milter, and dependencies, then used the qarepo tool to get the updates: The following 5 packages are going to be installed: - clamav-0.101.5-1.1.mga7.x86_64 - clamav-db-0.101.5-1.1.mga7.noarch - clamav-milter-0.101.5-1.1.mga7.x86_64 - clamd-0.101.5-1.1.mga7.x86_64 - lib64clamav9-0.101.5-1.1.mga7.x86_64 All packages installed cleanly. Repeating Brian's test with the newer packages: #freshclam Clamav updated the database, telling me that this version is outdated, and recommending version 0.102.1. # clamscan -vr ----------- SCAN SUMMARY ----------- Known viruses: 6584683 Engine version: 0.101.5 Scanned directories: 40 Scanned files: 54 Infected files: 0 Data scanned: 13.29 MB Data read: 4.71 MB (ratio 2.82:1) Time: 10.374 sec (0 m 10 s) Seems to work. Restoring the OK and validating. Advisory in Comment 4.
Keywords: (none) => validated_updateWhiteboard: (none) => MGA7-64-OKCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0361.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED