Ubuntu has issued an advisory on January 27: https://ubuntu.com/security/notices/USN-7229-1 For Cauldron, we need to switch to the new LTS (1.4.2).
Source RPM: (none) => clamav-1.0.7-1.mga9.src.rpmWhiteboard: (none) => MGA9TOOStatus comment: (none) => Fixed upstream in 1.4.2 and 1.0.8CVE: (none) => CVE-2025-20128
Suggested advisory: ======================== The updated packages fix a security vulnerability: ClamAV OLE2 File Format Decryption Denial of Service Vulnerability. (CVE-2025-20128) References: https://ubuntu.com/security/notices/USN-7229-1 ======================== Updated packages in core/updates_testing: ======================== clamav-1.0.8-1.mga9 clamav-db-1.0.8-1.mga9 clamav-milter-1.0.8-1.mga9 clamd-1.0.8-1.mga9 lib(64)clamav11-1.0.8-1.mga9 lib(64)clamav-devel-1.0.8-1.mga9 from SRPM: clamav-1.0.8-1.mga9.src.rpm
Whiteboard: MGA9TOO => (none)Status comment: Fixed upstream in 1.4.2 and 1.0.8 => (none)Assignee: bugsquad => qa-bugsVersion: Cauldron => 9Status: NEW => ASSIGNED
Keywords: (none) => advisory
MGA9-64 Plasma Wayland on Compaq H000SB No installation issues. Ref bug 33561 # freshclam Current working dir is /var/lib/clamav/ Can't open freshclam.dat in /var/lib/clamav It probably doesn't exist yet. That's ok. Failed to load freshclam.dat; will create a new freshclam.dat Creating new freshclam.dat Saved freshclam.dat ClamAV update process started at Thu Jan 30 10:11:27 2025 Current working dir is /var/lib/clamav/ Querying current.cvd.clamav.net TTL: 1800 fc_dns_query_update_info: Software version from DNS: 0.103.12 and a lot more .... At the end:Properly loaded 86 signatures from /var/lib/clamav/tmp.47d842be25/clamav-52df62d0ab29f20e9b097dca4b5dbc12.tmp-bytecode.cvd Database test passed. bytecode.cvd updated (version: 335, sigs: 86, f-level: 90, builder: raynman) fc_update_database: bytecode.cvd updated. WARNING: Clamd was NOT notified: Can't connect to clamd through /var/lib/clamav/clamd.socket: No such file or directory Which is OK as clamd hasn't been started yet. $ clamscan Loading: 1m 29s, ETA: 0s [========================>] 8.70M/8.70M sigs Compiling: 16s, ETA: 0s [========================>] 41/41 tasks ks /home/tester9/.dmrc: OK /home/tester9/.lesshst: OK /home/tester9/.screenrc: OK /home/tester9/.xsession-errors.old: OK /home/tester9/.bash_completion: OK /home/tester9/.bashrc: OK /home/tester9/.bash_logout: OK /home/tester9/.xsession-errors: OK /home/tester9/.gtkrc-2.0: OK /home/tester9/.bash_history: OK /home/tester9/.mdk-menu-migrated: Empty file /home/tester9/.viminfo: OK /home/tester9/.bash_profile: OK /home/tester9/.ICEauthority: Empty file /home/tester9/.Xauthority: OK /home/tester9/.gtk-bookmarks: Symbolic link /home/tester9/.menu-updates.stamp: Empty file /home/tester9/.qareporc: OK /home/tester9/.gitconfig: OK ----------- SCAN SUMMARY ----------- Known viruses: 8704095 Engine version: 1.0.8 Scanned directories: 1 Scanned files: 15 Infected files: 0 Data scanned: 0.02 MB Data read: 0.01 MB (ratio 2.00:1) Time: 110.381 sec (1 m 50 s) Start Date: 2025:01:30 10:13:08 End Date: 2025:01:30 10:14:58 # systemctl -l status clamav-daemon ○ clamav-daemon.service - Clam AntiVirus userspace daemon Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service; disabled; preset: disabled) Active: inactive (dead) TriggeredBy: ○ clamav-daemon.socket Docs: man:clamd(8) man:clamd.conf(5) https://docs.clamav.net/ # systemctl start clamav-daemon # systemctl -l status clamav-daemon ● clamav-daemon.service - Clam AntiVirus userspace daemon Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service; disabled; preset: disabled) Active: active (running) since Thu 2025-01-30 10:33:11 CET; 4s ago TriggeredBy: ● clamav-daemon.socket Docs: man:clamd(8) man:clamd.conf(5) https://docs.clamav.net/ Main PID: 32658 (clamd) Tasks: 1 (limit: 8806) Memory: 144.6M CPU: 4.286s CGroup: /system.slice/clamav-daemon.service └─32658 /usr/sbin/clamd --foreground=true Jan 30 10:33:11 mach3.hviaene.thuis systemd[1]: Started clamav-daemon.service. Looks all OK to me.
Whiteboard: (none) => MGA9-64-OKCC: (none) => herman.viaene
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0031.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED