clamav 1.0.1 is affected by both CVEs. clamav 0.103.8 is only affected by CVE-2023-20197.
CC: (none) => nicolas.salguero
Assignee: bugsquad => nicolas.salguero
Whiteboard: (none) => MGA9TOO, MGA8TOO
Source RPM: (none) => clamav-1.0.1-1.mga9.src.rpm
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. (CVE-2023-20197)

A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error in the memory management of an affected device. An attacker could exploit this vulnerability by submitting a crafted AutoIt file to be scanned by ClamAV on the affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to restart unexpectedly, resulting in a DoS condition. (CVE-2023-20212)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20212
========================

Updated packages in 8/core/updates_testing:
========================
clamav-0.103.10-1.mga8
clamav-db-0.103.10-1.mga8
clamav-milter-0.103.10-1.mga8
clamd-0.103.10-1.mga8
lib(64)clamav9-0.103.10-1.mga8
lib(64)clamav-devel-0.103.10-1.mga8

from SRPM:
clamav-0.103.10-1.mga8.src.rpm

Updated packages in 9/core/updates_testing:
========================
clamav-1.0.3-1.mga9
clamav-db-1.0.3-1.mga9
clamav-milter-1.0.3-1.mga9
clamd-1.0.3-1.mga9
lib(64)clamav11-1.0.3-1.mga9
lib(64)clamav-devel-1.0.3-1.mga9

from SRPM:
clamav-1.0.3-1.mga9.src.rpm
Version: Cauldron => 9
Assignee: nicolas.salguero => qa-bugs
Status: NEW => ASSIGNED
Whiteboard: MGA9TOO, MGA8TOO => MGA8TOO
MGA8_64, Plasma

# uname -a
Linux localhost 5.15.120-desktop-2.mga8 #1 SMP Mon Jul 10 19:58:36 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

# urpmi clamav
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch
(medium "Core Updates Testing")
  clamav                         0.103.10     1.mga8        x86_64
  clamav-db                      0.103.10     1.mga8        noarch
  lib64clamav9                   0.103.10     1.mga8        x86_64

# freshclam - worked

# clamscan -vr

----------- SCAN SUMMARY -----------
Known viruses: 8672060
Engine version: 0.103.10
Scanned directories: 7994
Scanned files: 70786
Infected files: 0
Data scanned: 21829.34 MB
Data read: 151654.97 MB (ratio 0.14:1)
Time: 1574.011 sec (26 m 14 s)
Start Date: 2023:09:02 14:57:22
End Date:   2023:09:02 15:23:36

working for me
Whiteboard: MGA8TOO => MGA8TOO MGA8-64-OK
CC: (none) => brtians1
MGA9 Gnome 16Go ram, Intel Core I5 Apple Mac mini

Updated with QA repo and RPM:
  clamav                         1.0.3        1.mga9        x86_64
  clamav-db                      1.0.3        1.mga9        noarch
  lib64clamav11                  1.0.3        1.mga9        x86_64

# freshclam
Ok

# clamscan --infected /home/xxx/

----------- SCAN SUMMARY -----------
Known viruses: 8672274
Engine version: 1.0.3
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 1.03 MB
Data read: 0.25 MB (ratio 4.17:1)
Time: 26.998 sec (0 m 26 s)
Start Date: 2023:09:09 16:35:56
End Date:   2023:09:09 16:36:23

Ok for me
CC: (none) => guillaume.royer
Whiteboard: MGA8TOO MGA8-64-OK => MGA8TOO MGA8-64-OK MGA9-64-OK
Validating. Advisory in comment 1.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0257.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
After an automatic update, clamav has disappeared (and no longer works). I couldn't reinstall it because of a dependency error:

urpmi clamav
The requested package cannot be installed:
clamav-0.103.10-1.mga8.x86_64 (because clamav-db[*] is unsatisfied)
Do you still want to continue? (Y/n) o
Some packages were installed but others failed.
Resolution: FIXED => (none)
Status: RESOLVED => UNCONFIRMED
Ever confirmed: 1 => 0
CC: (none) => richard
Please do not reopen bugs that have been used to push an update. A new bug should be opened.

That said, what's the output of "urpmq --list-media active" and "urpmq --list-url | head -n 10"?
On one of my m8 x86_64 systems ...

# urpmi clamav clamd
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch
(medium "Core Updates (distrib3)")
  clamav                         0.103.10     1.mga8        x86_64
  clamav-db                      0.103.10     1.mga8        noarch
  clamd                          0.103.10     1.mga8        x86_64
  lib64clamav9                   0.103.10     1.mga8        x86_64
250MB of additional disk space will be used.
226MB of packages will be retrieved.
Proceed with the installation of the 4 packages? (Y/n)

    http://mirror.math.princeton.edu/pub/mageia/distrib/8/x86_64/media/core/updates/clamav-0.103.10-1.mga8.x86_64.rpm
    http://mirror.math.princeton.edu/pub/mageia/distrib/8/x86_64/media/core/updates/clamd-0.103.10-1.mga8.x86_64.rpm
    http://mirror.math.princeton.edu/pub/mageia/distrib/8/x86_64/media/core/updates/clamav-db-0.103.10-1.mga8.noarch.rpm
    http://mirror.math.princeton.edu/pub/mageia/distrib/8/x86_64/media/core/updates/lib64clamav9-0.103.10-1.mga8.x86_64.rpm
installing clamd-0.103.10-1.mga8.x86_64.rpm lib64clamav9-0.103.10-1.mga8.x86_64.rpm clamav-db-0.103.10-1.mga8.noarch.rpm clamav-0.103.10-1.mga8.x86_64.rpm from /var/cache/urpmi/rpms
Preparing...                     ########################################
      1/4: lib64clamav9          ########################################
      2/4: clamav-db             ########################################
      3/4: clamav                ########################################
      4/4: clamd                 ########################################
----------------------------------------------------------------------
More information on package clamav-0.103.10-1.mga8.x86_64
clamav-0.95+ bundles support for RAR v3 in "libclamav" without permission,
from Eugene Roshal of RARlabs. There is also patent issues involved.

Therefore Mageia has been forced to remove the offending code.
----------------------------------------------------------------------
Re-closing this bug report. You can still add comments that will go to everyone in the cc list without re-opening the bug report.
Status: UNCONFIRMED => RESOLVED
Resolution: (none) => FIXED
Hello,

I've described the problem with this update (comment 6) in a new bug. Thank you for your investigations.

https://bugs.mageia.org/show_bug.cgi?id=32404
A vulnerability in the HFS+ filesystem image parser could allow an unauthenticated remote attacker to trigger a denial of service (DoS) condition. This occurs due to an improper check during file decompression, potentially leading to a loop that makes the software unresponsive. I saw the bug description at https://bugs.mageia.org/show_bug.cgi?id=32404 https://geometrydash-online.io but is there a code solution? Attackers could exploit this by submitting a crafted HFS+ filesystem image for scanning, causing resource exhaustion and making the ClamAV scanning process stop responding.
CC: (none) => lojajoy179
CC: lojajoy179 => (none)