bpfire/lfs/clamav at d9c1908f64e6d3e1adcd2c400f7c2b939f1393aa

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-25 18:32:57 +02:00

Files

Matthias Fischer cb9fd5923b clamav: Update to 0.102.3

For details see:
https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html

"ClamAV 0.102.3 is a bug patch release to address the following issues.

- CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module
in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition.
Improper bounds checking of an unsigned variable results in an
out-of-bounds read which causes a crash.

- CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV
0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition.
Improper size checking of a buffer used to initialize AES decryption
routines results in an out-of-bounds read which may cause a crash. Bug
found by OSS-Fuzz.

- Fix "Attempt to allocate 0 bytes" error when parsing some PDF
documents.

- Fix a couple of minor memory leaks.

- Updated libclamunrar to UnRAR 5.9.2."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

2020-05-17 07:58:37 +00:00

3.6 KiB

Raw Blame History

View Raw

3.6 KiB Raw Blame History

3.6 KiB

Raw Blame History