Security: Denial of Service in clamav
Name: Denial of Service in clamav
ID: FEDORA-2019-1543eae191
Distribution: Fedora
Platforms: Fedora 31
Date: Wed, 4 December 2019, 07:45
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1764835
https://bugzilla.redhat.com/show_bug.cgi?id=1631525
https://bugzilla.redhat.com/show_bug.cgi?id=1725810
https://bugzilla.redhat.com/show_bug.cgi?id=1775550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15961
Applications: Clam Antivirus

Original message
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-1543eae191
2019-12-04 01:14:42.699071
--------------------------------------------------------------------------------

Name        : clamav
Product     : Fedora 31
Version     : 0.101.5
Release     : 1.fc31
URL         : https://www.clamav.net/
Summary     : End-user tools for the Clam Antivirus scanner
Description :
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this
software is the integration with mail servers (attachment scanning). The
package provides a flexible and scalable multi-threaded daemon, a command
line scanner, and a tool for automatic updating via Internet. The programs
are based on a shared library distributed with the Clam AntiVirus package,
which you can use with your own software. The virus database is based on
the virus database from OpenAntiVirus, but contains additional signatures
(including signatures for popular polymorphic viruses, too) and is KEPT UP
TO DATE.

--------------------------------------------------------------------------------
Update Information:

- Drop clamd@scan.service file (bz#1725810)

ClamAV 0.101.5 is a security patch release that addresses the following issues.

- CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation.
- Added the zip scanning improvements found in v0.102.0 where it scans files using zip records from a sorted catalogue which provides deduplication of file records resulting in faster extraction and scan time and reducing the likelihood of alerting on non-malicious duplicate file entries as overlapping files.
- Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu.
- Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library.
- Null-dereference fix in email parser when using the --gen-json metadata option.

----

Add TimeoutStartSec=420 to clamd@.service to match upstream

--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 23 2019 Orion Poplawski <orion@nwra.com> - 0.101.5-1
- Update to 0.101.5 (CVE-2019-15961) (bz#1775550)
* Mon Nov 18 2019 Orion Poplawski <orion@nwra.com> - 0.101.4-3
- Drop clamd@scan.service file (bz#1725810)
- Change /var/run to /run
* Mon Nov 18 2019 Orion Poplawski <orion@nwra.com> - 0.101.4-2
- Add TimeoutStartSec=420 to clamd@.service to match upstream (bz#1764835)

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1631525 - clamav: clamscan --gen-json does not output JSON
      https://bugzilla.redhat.com/show_bug.cgi?id=1631525
[ 2 ] Bug #1775550 - Request to build clamav 0.101.5 for EPEL 7
      https://bugzilla.redhat.com/show_bug.cgi?id=1775550
[ 3 ] Bug #1725810 - /usr/lib/systemd/system/clamd@scan.service:1: .include directives are deprecated
      https://bugzilla.redhat.com/show_bug.cgi?id=1725810
[ 4 ] Bug #1764835 - clamd at 100% CPU and SystemD keeps restarting clamd
      https://bugzilla.redhat.com/show_bug.cgi?id=1764835
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-1543eae191' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------