Upstream has released ClamAV 0.103.2 on April 7, fixing security issues: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html Mageia 7 and 8 are also affected.
Whiteboard: (none) => MGA8TOO, MGA7TOO
Source RPM: (none) => clamav-0.102.4-2.mga8.src.rpm
CVE: (none) => CVE-2021-1405
Suggested advisory:
========================

The updated packages fix a security vulnerability:

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in a NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. (CVE-2021-1405)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1405
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
========================

Updated packages in core/updates_testing:
========================
clamav-0.103.2-1.mga{7|8}
clamd-0.103.2-1.mga{7|8}
clamav-milter-0.103.2-1.mga{7|8}
clamav-db-0.103.2-1.mga{7|8}
lib(64)clamav9-0.103.2-1.mga{7|8}
lib(64)clamav-devel-0.103.2-1.mga{7|8}

from SRPMS:
clamav-0.103.2-1.mga{7|8}.src.rpm
Status: NEW => ASSIGNED
Assignee: bugsquad => qa-bugs
CC: (none) => nicolas.salguero
Version: Cauldron => 8
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOO
MGA 8 XFCE

Installation of Clamav 0.102.4-2.mga8 and scan test OK.

Updated Clamav with QA repo and:
clamav-0.103.2-1.mga8
clamd-0.103.2-1.mga8
clamav-milter-0.103.2-1.mga8
clamav-db-0.103.2-1.mga8
lib64clamav9-0.103.2-1.mga8
lib64clamav-devel-0.103.2-1.mga8

No issues after installation.
Rescan of same directory OK.

I give OK for MGA8
CC: (none) => guillaume.royer
MGA7 Plasma in a vbox guest. No installation issues.

Referenced Bug 27020 for a test procedure:

# freshclam
Current working dir is /var/lib/clamav/
Loaded mirrors.dat:
  version: 1
  uuid: 18db7fcb-36c6-4f40-ba89-87bee092f481
ClamAV update process started at Fri Apr 16 19:42:49 2021
Current working dir is /var/lib/clamav/
Querying current.cvd.clamav.net
TTL: 1719
fc_dns_query_update_info: Software version from DNS: 0.103.2
Current working dir is /var/lib/clamav/
check_for_new_database_version: Local copy of daily found: daily.cld.
query_remote_database_version: daily.cvd version from DNS: 26142
daily.cld database is up-to-date (version: 26142, sigs: 3971117, f-level: 63, builder: raynman)
fc_update_database: daily.cld already up-to-date.
Current working dir is /var/lib/clamav/
check_for_new_database_version: Local copy of main found: main.cvd.
query_remote_database_version: main.cvd version from DNS: 59
main.cvd database is up-to-date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
fc_update_database: main.cvd already up-to-date.
Current working dir is /var/lib/clamav/
check_for_new_database_version: Local copy of bytecode found: bytecode.cvd.
query_remote_database_version: bytecode.cvd version from DNS: 333
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
fc_update_database: bytecode.cvd already up-to-date.

$ clamscan -av
Lots of verbiage.
at the end:
Scanning /home/tom/.bash_completion
/home/tom/.bash_completion: OK
/home/tom/.gtkrc-2.0: Empty file

----------- SCAN SUMMARY -----------
Known viruses: 8520753
Engine version: 0.103.2
Scanned directories: 1
Scanned files: 14
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 18.583 sec (0 m 18 s)
Start Date: 2021:04:16 19:49:42
End Date: 2021:04:16 19:50:00

# systemctl start clamav-daemon
# systemctl status clamav-daemon
● clamav-daemon.service - Clam AntiVirus userspace daemon
   Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service; disabled; >
   Active: active (running) since Fri 2021-04-16 19:54:21 EDT; 23s ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
 Main PID: 20641 (clamd)
    Tasks: 2 (limit: 4702)
   Memory: 1.0G
   CGroup: /system.slice/clamav-daemon.service
           └─20641 /usr/sbin/clamd --foreground=true

Apr 16 19:54:38 localhost clamd[20641]: SWF support enabled.
Apr 16 19:54:38 localhost clamd[20641]: HTML support enabled.
Apr 16 19:54:38 localhost clamd[20641]: XMLDOCS support enabled.
Apr 16 19:54:38 localhost clamd[20641]: HWP3 support enabled.
Apr 16 19:54:38 localhost clamd[20641]: Self checking every 600 seconds.
Apr 16 19:54:38 localhost clamd[20641]: Listening daemon: PID: 20641
Apr 16 19:54:38 localhost clamd[20641]: WARNING: MaxThreads * MaxRecursion i>
Apr 16 19:54:38 localhost clamd[20641]: WARNING: MaxQueue value too high, lo>
Apr 16 19:54:38 localhost clamd[20641]: MaxQueue set to: 64
Apr 16 19:54:38 localhost clamd[20641]: Set stacksize to 8454144

Looks OK here for MGA7. Validating. Advisory in Comment 1.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK MGA8-64-OK
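
Added example, not part of the original bug report or of Mageia's QA procedure: a shell check that reads `clamscan` output such as the scan summary in the test above and reports whether the engine is at or past 0.103.2, the release the advisory names as fixing CVE-2021-1405. The function names are hypothetical, and `sort -V` (GNU coreutils or busybox) is assumed to be available.

```shell
#!/bin/sh
# Added example: compare a ClamAV engine version with the fixed release.
# Function names are hypothetical; they are not part of ClamAV or Mageia tooling.

FIXED_VERSION="0.103.2"   # release that fixes CVE-2021-1405, per the advisory

# Read scanner output on stdin and print the engine version found in it.
# Accepts the SCAN SUMMARY line ("Engine version: 0.103.2") and the
# `clamscan --version` form ("ClamAV 0.103.2/26142/<date>").
# Prints nothing when no version line is present.
engine_version() {
    sed -n \
        -e 's/^Engine version: \([0-9][0-9.]*\).*$/\1/p' \
        -e 's/^ClamAV \([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# version_ge A B: succeed when A >= B, comparing each dotted component
# numerically, so 0.103.10 ranks above 0.103.2 (a plain string compare
# would get that wrong).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Read scanner output on stdin and print one of: patched, vulnerable, unknown.
check_patched() {
    ver=$(engine_version)
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_ge "$ver" "$FIXED_VERSION"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Usage on a live host:
#   clamscan --version | check_patched
```
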
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0194.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
Debian-LTS has issued an advisory for this on April 14: https://www.debian.org/lts/security/2021/dla-2626