Bug 33969 - clamav new security issue CVE-2025-20128
Summary: clamav new security issue CVE-2025-20128
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2025-01-28 17:11 CET by Nicolas Salguero
Modified: 2025-01-31 21:54 CET

See Also:
Source RPM: clamav-1.0.7-1.mga9.src.rpm
CVE: CVE-2025-20128
Status comment:



Description Nicolas Salguero 2025-01-28 17:11:39 CET
Ubuntu has issued an advisory on January 27:
https://ubuntu.com/security/notices/USN-7229-1

For Cauldron, we need to switch to the new LTS (1.4.2).

Nicolas Salguero 2025-01-28 17:12:06 CET

Source RPM: (none) => clamav-1.0.7-1.mga9.src.rpm
Whiteboard: (none) => MGA9TOO
Status comment: (none) => Fixed upstream in 1.4.2 and 1.0.8
CVE: (none) => CVE-2025-20128

Comment 1 Nicolas Salguero 2025-01-29 15:08:19 CET
Suggested advisory:
========================

The updated packages fix a security vulnerability:

ClamAV OLE2 File Format Decryption Denial of Service Vulnerability. (CVE-2025-20128)

References:
https://ubuntu.com/security/notices/USN-7229-1
========================

Updated packages in core/updates_testing:
========================
clamav-1.0.8-1.mga9
clamav-db-1.0.8-1.mga9
clamav-milter-1.0.8-1.mga9
clamd-1.0.8-1.mga9
lib(64)clamav11-1.0.8-1.mga9
lib(64)clamav-devel-1.0.8-1.mga9

from SRPM:
clamav-1.0.8-1.mga9.src.rpm

Whiteboard: MGA9TOO => (none)
Status comment: Fixed upstream in 1.4.2 and 1.0.8 => (none)
Assignee: bugsquad => qa-bugs
Version: Cauldron => 9
Status: NEW => ASSIGNED

katnatek 2025-01-29 18:18:32 CET

Keywords: (none) => advisory

Comment 2 Herman Viaene 2025-01-30 10:42:47 CET
MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues.
Ref bug 33561
# freshclam 
Current working dir is /var/lib/clamav/
Can't open freshclam.dat in /var/lib/clamav
It probably doesn't exist yet. That's ok.
Failed to load freshclam.dat; will create a new freshclam.dat
Creating new freshclam.dat
Saved freshclam.dat
ClamAV update process started at Thu Jan 30 10:11:27 2025
Current working dir is /var/lib/clamav/
Querying current.cvd.clamav.net
TTL: 1800
fc_dns_query_update_info: Software version from DNS: 0.103.12
and a lot more ....
At the end:
Properly loaded 86 signatures from /var/lib/clamav/tmp.47d842be25/clamav-52df62d0ab29f20e9b097dca4b5dbc12.tmp-bytecode.cvd
Database test passed.
bytecode.cvd updated (version: 335, sigs: 86, f-level: 90, builder: raynman)
fc_update_database: bytecode.cvd updated.
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/lib/clamav/clamd.socket: No such file or directory
Which is OK as clamd hasn't been started yet.

$ clamscan
Loading:    1m 29s, ETA:   0s [========================>]    8.70M/8.70M sigs    
Compiling:  16s, ETA:   0s [========================>]       41/41 tasks ks 

/home/tester9/.dmrc: OK
/home/tester9/.lesshst: OK
/home/tester9/.screenrc: OK
/home/tester9/.xsession-errors.old: OK
/home/tester9/.bash_completion: OK
/home/tester9/.bashrc: OK
/home/tester9/.bash_logout: OK
/home/tester9/.xsession-errors: OK
/home/tester9/.gtkrc-2.0: OK
/home/tester9/.bash_history: OK
/home/tester9/.mdk-menu-migrated: Empty file
/home/tester9/.viminfo: OK
/home/tester9/.bash_profile: OK
/home/tester9/.ICEauthority: Empty file
/home/tester9/.Xauthority: OK
/home/tester9/.gtk-bookmarks: Symbolic link
/home/tester9/.menu-updates.stamp: Empty file
/home/tester9/.qareporc: OK
/home/tester9/.gitconfig: OK

----------- SCAN SUMMARY -----------
Known viruses: 8704095
Engine version: 1.0.8
Scanned directories: 1
Scanned files: 15
Infected files: 0
Data scanned: 0.02 MB
Data read: 0.01 MB (ratio 2.00:1)
Time: 110.381 sec (1 m 50 s)
Start Date: 2025:01:30 10:13:08
End Date:   2025:01:30 10:14:58

# systemctl -l status clamav-daemon
○ clamav-daemon.service - Clam AntiVirus userspace daemon
     Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service; disabled; preset: disabled)
     Active: inactive (dead)
TriggeredBy: ○ clamav-daemon.socket
       Docs: man:clamd(8)
             man:clamd.conf(5)
             https://docs.clamav.net/
# systemctl start clamav-daemon
# systemctl -l status clamav-daemon
● clamav-daemon.service - Clam AntiVirus userspace daemon
     Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service; disabled; preset: disabled)
     Active: active (running) since Thu 2025-01-30 10:33:11 CET; 4s ago
TriggeredBy: ● clamav-daemon.socket
       Docs: man:clamd(8)
             man:clamd.conf(5)
             https://docs.clamav.net/
   Main PID: 32658 (clamd)
      Tasks: 1 (limit: 8806)
     Memory: 144.6M
        CPU: 4.286s
     CGroup: /system.slice/clamav-daemon.service
             └─32658 /usr/sbin/clamd --foreground=true

Jan 30 10:33:11 mach3.hviaene.thuis systemd[1]: Started clamav-daemon.service.

Looks all OK to me.

Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene

Comment 3 Thomas Andrews 2025-01-31 21:08:40 CET
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 4 Mageia Robot 2025-01-31 21:54:55 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0031.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

