Bug 33561 - clamav new security issues CVE-2024-2050[56]
Summary: clamav new security issues CVE-2024-2050[56]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-09-13 16:29 CEST by Nicolas Salguero
Modified: 2024-09-17 04:42 CEST (History)
3 users (show)

See Also:
Source RPM: clamav-1.0.6-1.mga9.src.rpm
CVE: CVE-2024-20505, CVE-2024-20506
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2024-09-13 16:29:26 CEST 
Those CVEs were announced here:
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
Nicolas Salguero 2024-09-13 16:30:07 CEST

Source RPM: (none) => clamav-1.0.6-1.mga9.src.rpm
CVE: (none) => CVE-2024-20505, CVE-2024-20506
Whiteboard: (none) => MGA9TOO

Nicolas Salguero 2024-09-13 16:42:47 CEST

Assignee: bugsquad => nicolas.salguero

Comment 1 Nicolas Salguero 2024-09-16 09:12:49 CEST 
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition. (CVE-2024-20505)

Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. (CVE-2024-20506)

References:
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
========================

Updated packages in core/updates_testing:
========================
clamav-1.0.7-1.mga9
clamav-db-1.0.7-1.mga9
clamav-milter-1.0.7-1.mga9
clamd-1.0.7-1.mga9
lib(64)clamav11-1.0.7-1.mga9
lib(64)clamav-devel-1.0.7-1.mga9

from SRPM:
clamav-1.0.7-1.mga9.src.rpm

Version: Cauldron => 9
Assignee: nicolas.salguero => qa-bugs
Status: NEW => ASSIGNED
Whiteboard: MGA9TOO => (none)

Comment 2 Herman Viaene 2024-09-16 11:36:07 CEST 
MGA9-64 server Plasma Wayland on HP-Pavillion
No installation issues.
Ref bug31562 e.a. for testing
# freshclam 
Current working dir is /var/lib/clamav/
Can't open freshclam.dat in /var/lib/clamav
It probably doesn't exist yet. That's ok.
Failed to load freshclam.dat; will create a new freshclam.dat
Creating new freshclam.dat
Saved freshclam.dat
ClamAV update process started at Mon Sep 16 11:25:02 2024
Current working dir is /var/lib/clamav/
Querying current.cvd.clamav.net
etc....
at the end
Testing database: '/var/lib/clamav/tmp.1a32ad164c/clamav-262bb8a8e2c75d350b6ff98a03aaf732.tmp-bytecode.cvd' ...
Loading signatures from /var/lib/clamav/tmp.1a32ad164c/clamav-262bb8a8e2c75d350b6ff98a03aaf732.tmp-bytecode.cvd
Properly loaded 86 signatures from /var/lib/clamav/tmp.1a32ad164c/clamav-262bb8a8e2c75d350b6ff98a03aaf732.tmp-bytecode.cvd
Database test passed.
bytecode.cvd updated (version: 335, sigs: 86, f-level: 90, builder: raynman)
fc_update_database: bytecode.cvd updated.
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/lib/clamav/clamd.socket: No such file or directory
OK, clamd hasn't been started yet

$ clamscan
Loading:    47s, ETA:   0s [========================>]    8.70M/8.70M sigs       
Compiling:  12s, ETA:   0s [========================>]       41/41 tasks 

/home/tester9/.xsession-errors: Empty file
/home/tester9/.screenrc: OK
/home/tester9/.qareporc: OK
/home/tester9/.gtkrc-2.0: OK
/home/tester9/.bash_logout: OK
/home/tester9/.bash_profile: OK
/home/tester9/.dmrc: OK
/home/tester9/.bashrc: OK
/home/tester9/.xsession-errors.old: Empty file
/home/tester9/.mdk-menu-migrated: Empty file
/home/tester9/.bash_history: OK
/home/tester9/.bash_completion: OK

----------- SCAN SUMMARY -----------
Known viruses: 8698650
Engine version: 1.0.7
Scanned directories: 1
Scanned files: 9
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 63.450 sec (1 m 3 s)
Start Date: 2024:09:16 11:31:32
End Date:   2024:09:16 11:32:35

# systemctl -l status clamav-daemon
○ clamav-daemon.service - Clam AntiVirus userspace daemon
     Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service; disabled; preset: disabled)
     Active: inactive (dead)
TriggeredBy: ○ clamav-daemon.socket
       Docs: man:clamd(8)
             man:clamd.conf(5)
             https://docs.clamav.net/

# systemctl start clamav-daemon
# systemctl -l status clamav-daemon
● clamav-daemon.service - Clam AntiVirus userspace daemon
     Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service; disabled; preset: disabled)
     Active: active (running) since Mon 2024-09-16 11:34:42 CEST; 4s ago
TriggeredBy: ● clamav-daemon.socket
       Docs: man:clamd(8)
             man:clamd.conf(5)
             https://docs.clamav.net/
   Main PID: 56549 (clamd)
      Tasks: 1 (limit: 4473)
     Memory: 270.4M
        CPU: 4.275s
     CGroup: /system.slice/clamav-daemon.service
             └─56549 /usr/sbin/clamd --foreground=true

Sep 16 11:34:42 mach4.hviaene.thuis systemd[1]: Started clamav-daemon.service.

Looks fine to me.

Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene

Comment 3 Thomas Andrews 2024-09-17 02:38:47 CEST 
Validating. Advisory in Comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

katnatek 2024-09-17 03:16:23 CEST

Keywords: (none) => advisory

Comment 4 Mageia Robot 2024-09-17 04:42:07 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0307.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.