
List:       clamav-announce
Subject:    [Clamav-announce] ClamAV® blog: ClamAV 0.102.2 security patch rele
From:       "Joel Esler (jesler)" <jesler () cisco ! com>
Date:       2020-02-05 17:29:00
Message-ID: C8400022-044A-4191-AF65-C0A8A679004A () cisco ! com

https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html

Today, we're publishing 0.102.2. Navigate to ClamAV's downloads <http://www.clamav.net/downloads> page to download the release materials.

0.102.2

ClamAV 0.102.2 is a security patch release to address the following issues.

  *   CVE-2020-3123 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3123>: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash.
  *   Significantly improved the scan speed of PDF files on Windows.
  *   Re-applied a fix to alleviate file access issues when scanning RAR files in downstream projects that use libclamav where the scanning engine is operating in a low-privilege process. This bug was originally fixed in 0.101.2 and the fix was mistakenly omitted from 0.102.0.
  *   Fixed an issue where freshclam failed to update if the database version downloaded is one version older than advertised. This situation may occur after a new database version is published. The issue affected users downloading the whole CVD database file.
  *   Changed the default freshclam ReceiveTimeout setting to 0 (infinite). The ReceiveTimeout had caused needless database update failures for users with slower internet connections.
  *   Correctly display the number of kilobytes (KiB) in progress bar and reduced the size of the progress bar to accommodate 80-character width terminals.
  *   Fixed an issue where running freshclam manually causes a daemonized freshclam process to fail when it updates because the manual instance deletes the temporary download directory. The freshclam temporary files will now download to a unique directory created at the time of an update instead of using a hardcoded directory created/destroyed at the program start/exit.
  *   Fix for freshclam's OnOutdatedExecute config option.
  *   Fixes a memory leak in the error condition handling for the email parser.
  *   Improved bound checking and error handling in ARJ archive parser.
  *   Improved error handling in PDF parser.
  *   Fix for memory leak in byte-compare signature handler.
  *   Updates to the unit test suite to support libcheck 0.13.
  *   Updates to support autoconf 2.69 and automake 1.15.

Special thanks to the following people for code contributions and bug reports:


  *   Antoine Deschênes
  *   Eric Lindblad
  *   Gianluigi Tiesi
  *   Tuomo Soini

Please join us on the ClamAV mailing lists <https://www.clamav.net/contact#ml> for further discussion. Thanks!





_______________________________________________

clamav-announce mailing list
clamav-announce@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-announce

http://www.clamav.net/contact.html#ml
