> https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
>
> ClamAV 0.103.2 security patch release
>
> Wednesday, April 7, 2021
>
> ClamAV 0.103.2 is out now. Users can head over to clamav.net/downloads
> <https://www.clamav.net/downloads> to download the release materials.
>
> ClamAV 0.103.2 is a security patch release with the following fixes:
>
> CVE-2021-1386 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1386>:
> Fix for UnRAR DLL load privilege escalation. Affects 0.103.1 and prior on
> Windows only.
>
> CVE-2021-1252 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1252>:
> Fix for Excel XLM parser infinite loop. Affects 0.103.0 and 0.103.1 only.
>
> CVE-2021-1404 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1404>:
> Fix for PDF parser buffer over-read; possible crash. Affects 0.103.0 and
> 0.103.1 only.
>
> CVE-2021-1405 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1405>:
> Fix for mail parser NULL-dereference crash. Affects 0.103.1 and prior.
>
> Fix possible memory leak in PNG parser.
>
> Fix ClamOnAcc scan on file-creation race condition so files are scanned after
> their contents are written.
>
> FreshClam: Deprecate the SafeBrowsing config option. The SafeBrowsing option
> will no longer do anything.
>
> For more details, see our blog post from last year about the future of the
> ClamAV Safe Browsing database
> <https://blog.clamav.net/2020/06/the-future-of-clamav-safebrowsing.html>.
>
> Tip: If creating and hosting your own safebrowing.gdb database, you can use
> the DatabaseCustomURL option in freshclam.conf to download it.
>
> FreshClam: Improved HTTP 304, 403, & 429 handling.
>
> FreshClam: Added back the mirrors.dat file to the database directory.
>
> This new mirrors.dat file will store:
> A randomly generated UUID for the FreshClam User-Agent.
> A retry-after timestamp so that FreshClam won't try to update after having
> received an HTTP 429 response until the Retry-After timeout has expired.
>
> FreshClam will now exit with a failure in daemon mode if an HTTP 403
> (Forbidden) was received, because retrying later won't help any. The
> FreshClam user will have to take actions to get unblocked.
>
> Fix the FreshClam mirror-sync issue where a downloaded database is "older
> than the version advertised."
>
> If a new CVD download gets a version that is older than advertised, FreshClam
> will keep the older version and retry the update so that the incremental
> update process (CDIFF patch process) will update to the latest version.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
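
An added example, not part of the original message and not ClamAV's code: a Python model of the HTTP 304, 403 and 429 handling the quoted release notes describe for FreshClam. The JSON state file, `attempt_update`, `fetch` and `DEFAULT_BACKOFF` are assumptions for illustration; the actual mirrors.dat format is not described in the announcement.

```python
import json
from email.utils import parsedate_to_datetime
from pathlib import Path

DEFAULT_BACKOFF = 3600  # assumed fallback when Retry-After is missing or malformed


class Forbidden(Exception):
    """HTTP 403: retrying later will not help; an operator has to act."""


def retry_after_deadline(header, now):
    """Turn a Retry-After value (delta-seconds or HTTP-date) into an epoch deadline."""
    try:
        return now + max(0, int(header))
    except (TypeError, ValueError):
        pass
    try:
        return parsedate_to_datetime(header).timestamp()
    except (TypeError, ValueError):
        return now + DEFAULT_BACKOFF


def attempt_update(state_path, fetch, now):
    """One update attempt. fetch() is a hypothetical callable returning (status, headers)."""
    path = Path(state_path)
    state = json.loads(path.read_text()) if path.exists() else {}
    if now < state.get("retry_after", 0):
        return "deferred"  # still inside the 429 cool-down: no request is sent
    status, headers = fetch()
    if status == 429:
        state["retry_after"] = retry_after_deadline(headers.get("Retry-After"), now)
        path.write_text(json.dumps(state))  # persisted so a restart keeps honouring it
        return "rate-limited"
    if status == 403:
        raise Forbidden("blocked by the server; stop instead of retrying")
    if status == 304:
        return "up-to-date"
    return "updated" if status == 200 else "error"
```

Because the deadline is written to disk, a restarted client stays quiet until the cool-down expires, and a caller running as a daemon can translate `Forbidden` into a non-zero exit.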