Univention Bugzilla – Bug 50909
clamav: Multiple issues (4.3)
Last modified: 2020-03-11 13:57:24 CET
New Debian clamav 0.102.1+dfsg-0+deb9u2A~4.3.5.202003091522 fixes:

This update addresses the following issue:
* A vulnerability in the email parsing module of Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition. (CVE-2019-15961)
--- mirror/ftp/4.3/unmaintained/4.3-5/source/clamav_0.101.4+dfsg-0+deb9u1A~4.3.0.201909091532.dsc +++ apt/ucs_4.3-0-errata4.3-5/source/clamav_0.102.1+dfsg-0+deb9u2A~4.3.5.202003091522.dsc @@ -1,7 +1,23 @@ -0.101.4+dfsg-0+deb9u1A~4.3.0.201909091532 [Mon, 09 Sep 2019 15:32:25 +0200] Univention builddaemon <buildd@univention.de>: +0.102.1+dfsg-0+deb9u2A~4.3.5.202003091522 [Tue, 10 Mar 2020 07:42:31 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 030-silence-version-msg + +0.102.1+dfsg-0+deb9u2 [Fri, 31 Jan 2020 16:49:37 -0500] Scott Kitterman <scott@kitterman.com>: + + * clamav-daemon: Correct error from ScanOnAccess option removal so that + setting LogFile options via DebConf works again (Closes: #950296) + +0.102.1+dfsg-0+deb9u1 [Mon, 23 Dec 2019 21:07:34 +0100] Sebastian Andrzej Siewior <sebastian@breakpoint.cc>: + + * Import 0.102.1 (Closes: #945265) + - CVE-2019-15961 (A Denial-of-Service as a result of excessively long scan + times). + - Let freshclam show progress during download (Closes: #690789). + * Update symbol file. + * Add libfreshclam to the libclamav9 package. + * Add the clamonacc binary to the clamav-daemon package. + * Drop ScanOnAccess option. The clamonacc provides this functionality. 0.101.4+dfsg-0+deb9u1 [Sun, 25 Aug 2019 14:08:40 +0200] Sebastian Andrzej Siewior <sebastian@breakpoint.cc>: <http://10.200.17.11/4.3-5/#546265111359782189>
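Review bot: The 0.102.1+dfsg-0+deb9u1 entry drops the ScanOnAccess option and adds the clamonacc binary in the same upload that fixes CVE-2019-15961, but the changelog does not say what happens on upgrade to an existing configuration that still sets ScanOnAccess. The deb9u2 entry (Closes: #950296) shows the removal already broke setting LogFile options via DebConf, so I would suggest adding a changelog or NEWS line that states how a leftover ScanOnAccess setting is handled and that on-access scanning is now provided by clamonacc. Since this is shipped as a security erratum, the erratum text should mention that behaviour change next to the CVE rather than listing the CVE alone.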
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
OK: journalctl -u clamav-freshclam

[4.3-5] f243855d47 Bug #50909: clamav 0.102.1+dfsg-0+deb9u2A~4.3.5.202003091522
 doc/errata/staging/clamav.yaml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
<http://errata.software-univention.de/ucs/4.3/639.html>