Upstream has released ClamAV 0.102.4 on July 16, fixing security issues:
https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
Ubuntu has issued an advisory for this on July 27:
https://ubuntu.com/security/notices/USN-4435-1
Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
CC: (none) => mageia, nicolas.salguero
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working. (CVE-2020-3350)

A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. (CVE-2020-3481)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3481
https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
https://ubuntu.com/security/notices/USN-4435-1
========================

Updated packages in core/updates_testing:
========================
clamav-0.102.4-1.mga7
clamd-0.102.4-1.mga7
clamav-milter-0.102.4-1.mga7
clamav-db-0.102.4-1.mga7
lib(64)clamav9-0.102.4-1.mga7
lib(64)clamav-devel-0.102.4-1.mga7

from SRPM:
clamav-0.102.4-1.mga7.src.rpm
Whiteboard: MGA7TOO => (none)
Assignee: bugsquad => qa-bugs
Status: NEW => ASSIGNED
Version: Cauldron => 7
Source RPM: clamav-0.102.3-1.mga8.src.rpm => clamav-0.102.3-1.mga7.src.rpm
CVE: (none) => CVE-2020-3350, CVE-2020-3481
MGA7-64 Plasma on Lenovo B50
No installation issues.
Ref bugs 26653 and 25754 for testing
# freshclam
ClamAV update process started at Mon Aug 3 14:03:08 2020
Current working dir is /var/lib/clamav/
Querying current.cvd.clamav.net
TTL: 1800
fc_dns_query_update_info: Software version from DNS: 0.102.4
Current working dir is /var/lib/clamav/
check_for_new_database_version: Local copy of daily found: daily.cvd.
query_remote_database_version: daily.cvd version from DNS: 25892
daily database available for update (local version: 25888, remote version: 25892)
Current database is 4 versions behind.
Downloading database patch # 25889...
Retrieving https://database.clamav.net/daily-25889.cdiff
downloadFile: Download source: https://database.clamav.net/daily-25889.cdiff
downloadFile: Download destination: ./clamav-0385651132a26463947b762f77446a9e.tmp
* Trying 104.16.219.84:443...
* Connected to database.clamav.net (104.16.219.84) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=CA; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
* start date: Apr 6 00:00:00 2020 GMT
* expire date: Oct 9 12:00:00 2020 GMT
* subjectAltName: host "database.clamav.net" matched cert's "database.clamav.net"
* issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xec8a60)
> GET /daily-25889.cdiff HTTP/2
Host: database.clamav.net
user-agent: ClamAV/0.102.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
accept: */*
connection: close
and a lot more ......
$ clamscan -vr
Scanning /home/tester7/Documents/.cache/www.mageia.orgen,8a9a589ca2daf26b2d84287c89de41fa
/home/tester7/Documents/.cache/www.mageia.orgen,8a9a589ca2daf26b2d84287c89de41fa: OK
Scanning /home/tester7/Documents/postjdbc.txt
/home/tester7/Documents/postjdbc.txt: OK
Scanning /home/tester7/Documents/get3.py
/home/tester7/Documents/get3.py: OK
Scanning /home/tester7/Documents/helloworld$1.class
/home/tester7/Documents/helloworld$1.class: OK
Scanning /home/tester7/Documents/helloworld.java
/home/tester7/Documents/helloworld.java: OK
Scanning /home/tester7/Documents/getown.py
/home/tester7/Documents/getown.py: OK
Scanning /home/tester7/Documents/postg.odb
/home/tester7/Documents/postg.odb: OK
Scanning /home/tester7/Documents/.directory
and more .....
$ clamscan -vr /media/win_c --windows partition
Scanning /media/win_c/$Recycle.Bin/S-1-5-18/desktop.ini
/media/win_c/$Recycle.Bin/S-1-5-18/desktop.ini: OK
Scanning /media/win_c/$Recycle.Bin/S-1-5-21-1781323582-2267604969-619860376-500/desktop.ini
/media/win_c/$Recycle.Bin/S-1-5-21-1781323582-2267604969-619860376-500/desktop.ini: OK
Scanning /media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-1001/desktop.ini
/media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-1001/desktop.ini: OK
Scanning /media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-1002/$IIM19AF.lnk
/media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-1002/$IIM19AF.lnk: OK
Scanning /media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-1002/$IRT1XON.lnk
/media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-1002/$IRT1XON.lnk: OK
Scanning /media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-1002/$IT8G5MV.lnk
/media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-1002/$IT8G5MV.lnk: OK
Scanning /media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-1002/$RIM19AF.lnk
/media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-1002/$RIM19AF.lnk: OK
Scanning /media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-1002/$RRT1XON.lnk
/media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-1002/$RRT1XON.lnk: OK
Scanning /media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-1002/$RT8G5MV.lnk
/media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-1002/$RT8G5MV.lnk: OK
Scanning /media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-1002/desktop.ini
/media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-1002/desktop.ini: OK
Scanning /media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-1003/desktop.ini
/media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-1003/desktop.ini: OK
Scanning /media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-500/desktop.ini
/media/win_c/$Recycle.Bin/S-1-5-21-3422449514-3301129872-3917169998-500/desktop.ini: OK
Scanning /media/win_c/$Windows.~WS/Sources/Panther/diagerr.xml
/media/win_c/$Windows.~WS/Sources/Panther/diagerr.xml: OK
Scanning /media/win_c/$Windows.~WS/Sources/Panther/diagwrn.xml
/media/win_c/$Windows.~WS/Sources/Panther/diagwrn.xml: OK
Scanning /media/win_c/$Windows.~WS/Sources/Panther/DlTel-Merge.etl
/media/win_c/$Windows.~WS/Sources/Panther/DlTel-Merge.etl: OK
and loads of it.
CC: (none) => herman.viaene
At the end of the /home/tester7/Documents:
Known viruses: 8328734
Engine version: 0.102.4
Scanned directories: 2
Scanned files: 17
Infected files: 0
Data scanned: 0.29 MB
Data read: 0.11 MB (ratio 2.64:1)
Time: 18.889 sec (0 m 18 s)
The Windows scan ran for 10h 48min.
# systemctl -l status clamav-daemon
● clamav-daemon.service - Clam AntiVirus userspace daemon
   Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
# systemctl start clamav-daemon
# systemctl -l status clamav-daemon
● clamav-daemon.service - Clam AntiVirus userspace daemon
   Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-08-04 08:45:47 CEST; 7s ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
 Main PID: 22254 (clamd)
    Tasks: 1 (limit: 4915)
   Memory: 742.5M
   CGroup: /system.slice/clamav-daemon.service
           └─22254 /usr/sbin/clamd --foreground=true
Aug 04 08:45:47 mach5.hviaene.thuis systemd[1]: Started Clam AntiVirus userspace daemon.
All OK to me
Whiteboard: (none) => MGA7-64-OK
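Added example, not part of the bug report or of ClamAV: shell functions that read the "Engine version" line from a clamscan summary such as the one in the test report above and list which of the two CVEs from the advisory still apply to that engine. The function names are hypothetical, and treating every engine older than 0.102.4 as exposed to CVE-2020-3350 is an assumption, since the page gives no lower bound for that issue.

```shell
# Added example: triage a clamscan summary against the CVEs in this advisory.
# Version bounds are taken from the advisory text on this page.
FIXED_VERSION="0.102.4"        # release that fixes both CVEs
EGG_FIRST_AFFECTED="0.102.0"   # CVE-2020-3481 affects 0.102.0 - 0.102.3

# version_lt A B: succeeds when version A sorts strictly before version B.
# Uses GNU "sort -V" for dotted-version ordering.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# engine_version: read clamscan summary text on stdin, print the engine version.
engine_version() {
    sed -n 's/^Engine version:[[:space:]]*\([0-9][0-9.]*\).*$/\1/p' | head -n1
}

# exposed_cves VERSION: print the advisory's CVEs that VERSION is exposed to.
exposed_cves() {
    ec_version="$1"
    ec_out=""
    if [ -z "$ec_version" ]; then
        echo "unknown"          # no "Engine version" line was found
        return 2
    fi
    if version_lt "$ec_version" "$FIXED_VERSION"; then
        # Assumption: anything older than the fixed release has the race condition.
        ec_out="CVE-2020-3350"
        # The EGG parser issue only applies from 0.102.0 onward.
        if ! version_lt "$ec_version" "$EGG_FIRST_AFFECTED"; then
            ec_out="$ec_out CVE-2020-3481"
        fi
    fi
    echo "${ec_out:-none}"
}

# Sample input: lines from the scan summary quoted in the test report on this page.
SAMPLE_SUMMARY='Known viruses: 8328734
Engine version: 0.102.4
Scanned files: 17
Infected files: 0'

sample_version="$(printf '%s\n' "$SAMPLE_SUMMARY" | engine_version)"
echo "engine $sample_version exposed to: $(exposed_cves "$sample_version")"
```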
Validating. Advisory in Comment 1.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0322.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED