Univention Bugzilla – Bug 53470
clamav: Multiple issues (5.0)
Last modified: 2021-06-23 15:55:53 CEST
New Debian clamav 0.103.2+dfsg-0+deb10u1A~5.0.0.202106210952 fixes:

This update addresses the following issue:

* A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in a NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. (CVE-2021-1405)
--- mirror/ftp/pool/main/c/clamav/clamav_0.102.4+dfsg-0+deb10u1A~5.0.0.202008030841.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/clamav_0.103.2+dfsg-0+deb10u1A~5.0.0.202106210952.dsc @@ -1,7 +1,29 @@ -0.102.4+dfsg-0+deb10u1A~5.0.0.202008030841 [Mon, 03 Aug 2020 08:53:48 +0200] Univention builddaemon <buildd@univention.de>: +0.103.2+dfsg-0+deb10u1A~5.0.0.202106210952 [Mon, 21 Jun 2021 09:56:25 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 030-silence-version-msg + +0.103.2+dfsg-0+deb10u1 [Wed, 14 Apr 2021 08:38:52 +0200] Sebastian Andrzej Siewior <sebastian@breakpoint.cc>: + + [ Sebastian Andrzej Siewior ] + * Import 0.103.2 + - CVE-2021-1252 (Fix for Excel XLM parser infinite loop.) + - CVE-2021-1404 (Fix for PDF parser buffer over-read; possible crash.) + - CVE-2021-1405 (Fix for mail parser NULL-dereference crash.) + - Fix testsuite in an IPv6 only environment (Closes: #963853). + - Update symbol file. + - Drop CURL_CA_BUNDLE related patch, changes applied upstream. + (Closes: #986622). + * Rename NEWS.Debian to NEWS. + * Update lintian overrides. + * Update apparmor profile for freshclam. Thanks to Michael Borgelt. + (Closes: #972974) + * Update apparmor profile for clamd. Thanks to Stefano Callegari. + (Closes: #973619). + * Remove deprecated option SafeBrowsing from debconf templates. + + [ Helmut Grohne ] + * Honour DEB_BUILD_OPTIONS=nocheck again. (Closes: #960843) 0.102.4+dfsg-0+deb10u1 [Sat, 18 Jul 2020 00:22:32 +0200] Sebastian Andrzej Siewior <sebastian@breakpoint.cc>: <http://piuparts.knut.univention.de/5.0-0/#5608041106165004562>
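Review bot: the added 0.103.2+dfsg-0+deb10u1 changelog entry lists three security fixes under "Import 0.103.2" (CVE-2021-1252, CVE-2021-1404 and CVE-2021-1405), but the erratum text in this bug describes only CVE-2021-1405, even though the bug title says "Multiple issues". I would extend the erratum description so it also names the Excel XLM parser infinite loop and the PDF parser buffer over-read. The same entry carries non-security changes that alter runtime behaviour ("Update apparmor profile for freshclam", "Update apparmor profile for clamd", "Remove deprecated option SafeBrowsing from debconf templates"); QA should confirm on an upgraded system that clamd and freshclam still start under the new AppArmor profiles before the erratum is released.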
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-0] ec91f44a99 Bug #53470: clamav 0.103.2+dfsg-0+deb10u1A~5.0.0.202106210952
 doc/errata/staging/clamav.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x15>