Univention Bugzilla – Bug 50839
clamav: Multiple issues (4.4)
Last modified: 2020-03-11 14:41:50 CET
New Debian clamav 0.102.1+dfsg-0+deb9u2A~4.4.3.202002191052 fixes:

This update addresses the following issue:
* A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition. (CVE-2019-15961)
r18795 Bug #50839,Bug #50909: ClamAV 0.102.1+dfsg-0+deb9u2
--- mirror/ftp/4.4/unmaintained/4.4-2/source/clamav_0.101.4+dfsg-0+deb9u1A~4.4.0.201909091505.dsc +++ apt/ucs_4.4-0-errata4.4-3/source/clamav_0.102.1+dfsg-0+deb9u2A~4.4.3.202002191052.dsc @@ -1,7 +1,23 @@ -0.101.4+dfsg-0+deb9u1A~4.4.0.201909091505 [Mon, 09 Sep 2019 15:05:24 +0200] Univention builddaemon <buildd@univention.de>: +0.102.1+dfsg-0+deb9u2A~4.4.3.202002191052 [Tue, 10 Mar 2020 07:43:26 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 030-silence-version-msg + +0.102.1+dfsg-0+deb9u2 [Fri, 31 Jan 2020 16:49:37 -0500] Scott Kitterman <scott@kitterman.com>: + + * clamav-daemon: Correct error from ScanOnAccess option removal so that + setting LogFile options via DebConf works again (Closes: #950296) + +0.102.1+dfsg-0+deb9u1 [Mon, 23 Dec 2019 21:07:34 +0100] Sebastian Andrzej Siewior <sebastian@breakpoint.cc>: + + * Import 0.102.1 (Closes: #945265) + - CVE-2019-15961 (A Denial-of-Service as a result of excessively long scan + times). + - Let freshclam show progress during download (Closes: #690789). + * Update symbol file. + * Add libfreshclam to the libclamav9 package. + * Add the clamonacc binary to the clamav-daemon package. + * Drop ScanOnAccess option. The clamonacc provides this functionality. 0.101.4+dfsg-0+deb9u1 [Sun, 25 Aug 2019 14:08:40 +0200] Sebastian Andrzej Siewior <sebastian@breakpoint.cc>: <http://10.200.17.11/4.4-3/#3056824733653634346>
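Review bot: The errata description should mention the ScanOnAccess removal recorded in the 0.102.1+dfsg-0+deb9u1 entry ("Drop ScanOnAccess option. The clamonacc provides this functionality."), because it is a configuration-visible change shipped in an update that is announced only as a fix for CVE-2019-15961. The 0.102.1+dfsg-0+deb9u2 entry shows the removal already caused one regression (setting LogFile options via DebConf, Closes: #950296), so a short note that on-access scanning now comes from the clamonacc binary in clamav-daemon would help admins check their clamd configuration when applying the update. The jump from 0.101.4 to 0.102.1 also adds libfreshclam to the libclamav9 package and updates the symbol file, which is worth a line in the QA notes confirming that dependent packages were tested against the new library.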
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
OK: journalctl -u clamav-freshclam

[4.4-3] 33e2ec1aa7 Bug #50839: clamav 0.102.1+dfsg-0+deb9u2A~4.4.3.202002191052
 doc/errata/staging/clamav.yaml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
<http://errata.software-univention.de/ucs/4.4/457.html>