Description of problem:
Update for ClamAV 1.0.x - 1.0.1 - was released which fixes some CVE bugs. We have ClamAV 1.0

---
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html

ClamAV 1.0.1 is a critical patch release with the following fixes:

CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

Fix an allmatch detection issue with the preclass bytecode hook.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/825

Update the vendored libmspack library to version 0.11alpha.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/828

Whiteboard: (none) => MGA8TOO
Summary: ClamAV 1.0.1 update (CVE bugfix)- MGA9 => ClamAV update (CVE bugfix) - MGA9 / MGA8
For MGA8 - Update to 0.103.8
Thank you for the helpful report. ns80 did version 1.0.0, so assigning to you for this update.
Summary: ClamAV update (CVE bugfix) - MGA9 / MGA8 => ClamAV update (CVE-2023-20032, CVE-2023-20052 bugfix) - MGA9 / MGA8
Source RPM: (none) => clamav-1.0.0-1.mga9.src.rpm
Assignee: bugsquad => nicolas.salguero
CC: (none) => luigiwalser
QA Contact: (none) => security
CC: luigiwalser => (none)
Component: RPM Packages => Security
Status comment: (none) => Fixed upstream in 0.103.8 and 1.0.1
Summary: ClamAV update (CVE-2023-20032, CVE-2023-20052 bugfix) - MGA9 / MGA8 => clamav new security issues CVE-2023-20032 and CVE-2023-20052
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

A possible remote code execution vulnerability in the HFS+ file parser. (CVE-2023-20032)

A possible remote information leak vulnerability in the DMG file parser. (CVE-2023-20052)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
========================

Updated packages in core/updates_testing:
========================
clamav-0.103.8-1.mga8
clamav-db-0.103.8-1.mga8
clamav-milter-0.103.8-1.mga8
clamd-0.103.8-1.mga8
lib(64)clamav9-0.103.8-1.mga8
lib(64)clamav-devel-0.103.8-1.mga8

from SRPM:
clamav-0.103.8-1.mga8.src.rpm

Version: Cauldron => 8
Source RPM: clamav-1.0.0-1.mga9.src.rpm => clamav-0.103.7-1.mga8.src.rpm
Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs
CVE: (none) => CVE-2023-20032, CVE-2023-20052
Whiteboard: MGA8TOO => (none)
CC: (none) => nicolas.salguero
Status comment: Fixed upstream in 0.103.8 and 1.0.1 => (none)
MGA8-64 MATE on Acer Aspire 5253.
No installation issues.
Ref bug 29663 for tests

# freshclam
Current working dir is /var/lib/clamav/
Can't open freshclam.dat in /var/lib/clamav
It probably doesn't exist yet. That's ok.
Failed to load freshclam.dat; will create a new freshclam.dat
Creating new freshclam.dat
Saved freshclam.dat
ClamAV update process started at Tue Feb 21 15:25:00 2023
Current working dir is /var/lib/clamav/
Querying current.cvd.clamav.net
TTL: 1800
fc_dns_query_update_info: Software version from DNS: 0.103.8
Current working dir is /var/lib/clamav/
check_for_new_database_version: Local copy of daily found: daily.cvd.
query_remote_database_version: daily.cvd version from DNS: 26819
daily database available for update (local version: 26814, remote version: 26819)
Current database is 5 versions behind.
Downloading database patch # 26815...

and then a long list of retrieval actions..... and at the end

Testing database: '/var/lib/clamav/tmp.38567d1b46/clamav-b7fae270c79844e83749178298cd0e5e.tmp-bytecode.cvd' ...
Loading signatures from /var/lib/clamav/tmp.38567d1b46/clamav-b7fae270c79844e83749178298cd0e5e.tmp-bytecode.cvd
Properly loaded 92 signatures from /var/lib/clamav/tmp.38567d1b46/clamav-b7fae270c79844e83749178298cd0e5e.tmp-bytecode.cvd
Database test passed.
bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)
fc_update_database: bytecode.cvd updated.
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/lib/clamav/clamd.socket: No such file or directory

That's OK since I didn't start clamd yet.

$ clamscan
/home/tester8/.xsession-errors.old: OK
/home/tester8/.rubberband.wisdom.d: OK
/home/tester8/.bashrc: OK
/home/tester8/myfile.css: OK
/home/tester8/.Xauthority: OK
/home/tester8/.node_repl_history: OK
/home/tester8/.screenrc: OK
/home/tester8/.bash_history: OK
etc....
ending
----------- SCAN SUMMARY -----------
Known viruses: 8653276
Engine version: 0.103.8
Scanned directories: 1
Scanned files: 31
Infected files: 0
Data scanned: 0.75 MB
Data read: 0.43 MB (ratio 1.74:1)
Time: 127.201 sec (2 m 7 s)
Start Date: 2023:02:21 15:31:49
End Date: 2023:02:21 15:33:57

# systemctl -l status clamav-daemon
● clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service; disabled; vendor preset: disabled)
Active: inactive (dead)
TriggeredBy: ● clamav-daemon.socket
Docs: man:clamd(8)
man:clamd.conf(5)
https://docs.clamav.net/

Feb 21 15:35:55 mach7.hviaene.thuis systemd[1]: /usr/lib/systemd/system/clamav-daemon.service:13: Standard output type syslog is obsolet>
Feb 21 15:35:56 mach7.hviaene.thuis systemd[1]: /usr/lib/systemd/system/clamav-daemon.service:13: Standard output type syslog is obsolet>

# systemctl start clamav-daemon
# systemctl -l status clamav-daemon
● clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2023-02-21 15:36:27 CET; 2s ago
TriggeredBy: ● clamav-daemon.socket
Docs: man:clamd(8)
man:clamd.conf(5)
https://docs.clamav.net/
Main PID: 17190 (clamd)
Tasks: 1 (limit: 4364)
Memory: 47.8M
CPU: 2.511s
CGroup: /system.slice/clamav-daemon.service
└─17190 /usr/sbin/clamd --foreground=true

Feb 21 15:36:27 mach7.hviaene.thuis systemd[1]: Started Clam AntiVirus userspace daemon.

All looks OK.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene
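Added example, not part of the bug report or of ClamAV: a shell check that reads the "Engine version" field from a clamscan summary and classifies it against the fixed releases named in this thread (0.103.8 and 1.0.1). The function names are hypothetical; 0.105.2 as the fixed 0.105 release is an assumption read off the upstream blog URL, as is treating releases after 1.0.1 as fixed.

```sh
#!/bin/sh
# Added example: classify a ClamAV engine version against the fixed releases
# named in this report (0.103.8, 1.0.1). 0.105.2 is read off the upstream
# blog URL and is an assumption, as is treating anything after 1.0.1 as fixed.

# Pull the version out of a clamscan "SCAN SUMMARY" block on stdin.
engine_version() {
    sed -n 's/^Engine version: *//p' | head -n 1
}

# clamav_status VERSION -> prints fixed | affected | unknown
clamav_status() {
    ver=${1%%[-+/ ]*}          # drop suffixes such as "-rc" or "/26819/..."
    case $ver in *.*.*) ;; *) echo unknown; return 0 ;; esac
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    for part in "$major" "$minor" "$patch"; do
        case $part in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    if [ "$major" -ge 2 ]; then echo fixed; return 0; fi
    if [ "$major" -eq 1 ]; then
        # Only 1.0.0 predates the fix on the 1.x line.
        if [ "$minor" -eq 0 ] && [ "$patch" -eq 0 ]; then echo affected; else echo fixed; fi
        return 0
    fi
    # 0.x: compare inside the branch, never across branches. 0.104.4 sorts
    # above 0.103.8 but is still "0.105.1 and earlier", with no fixed release.
    case $minor in
        103) fixed_patch=8 ;;
        105) fixed_patch=2 ;;
        *)   if [ "$minor" -lt 105 ]; then echo affected; else echo unknown; fi
             return 0 ;;
    esac
    if [ "$patch" -ge "$fixed_patch" ]; then echo fixed; else echo affected; fi
}

# Summary fields as reported in the QA comment above.
summary='Known viruses: 8653276
Engine version: 0.103.8
Scanned files: 31'
v=$(printf '%s\n' "$summary" | engine_version)
echo "engine $v: $(clamav_status "$v")"
```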
Validating. Advisory in Comment 3.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0068.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED