Hi, We are using Docker Image for 1.104 version at Roberthalf Is that image updated too with this patch? Thanks,
Jaspal Sandhu On Wed, Jan 12, 2022 at 12:13 PM Micah Snyder (micasnyd) via clamav-users < clamav-users@lists.clamav.net> wrote: > Find this announcement online at: > https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html > > > ClamAV versions 0.103.5 and 0.104.2 are now available for download on the > clamav.net > Downloads page <https://www.clamav.net/downloads>. > > > We would also like to take this opportunity to remind users that versions > 0.102 and 0.101 have reached their end-of-life period. *These versions > exceeded our EOL dates on Jan. 3, 2022 and will soon be actively blocked > from downloading signature database updates.* > > > For additional details about ClamAV's end-of-life policy, please see our > online documentation <https://docs.clamav.net/faq/faq-eol.html>. > > > 0.103.5 > > ClamAV 0.103.5 is a critical patch release with the following fixes: > > - > > CVE-2022-20698 > <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698>: Fix > for invalid pointer read that may cause a crash. This issue affects > 0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the > CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json > option) is enabled. > > Cisco would like to thank Laurent Delosieres of ManoMano for reporting > this vulnerability. > - > > Fixed ability to disable the file size limit with libclamav C API, > like this: > > cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0); > > This issue didn't affect ClamD or ClamScan which also can disable the > limit by setting it to zero using MaxFileSize 0 in clamd.conf for > ClamD, or clamscan --max-filesize=0 for ClamScan. > > Note: Internally, the max file size is still set to 2 GiB. Disabling > the limit for a scan will fall back on the internal 2 GiB limitation. > - > > Increased the maximum line length for ClamAV config files from 512 > bytes to 1,024 bytes to allow for longer config option strings. > - > > SigTool: Fix insufficient buffer size for --list-sigs that caused a > failure when listing a database containing one or more very long > signatures. This fix was backported from 0.104. > > Special thanks to the following for code contributions and bug reports: > > - Laurent Delosieres > > 0.104.2 > > ClamAV 0.104.2 is a critical patch release with the following fixes: > > - > > CVE-2022-20698 > <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698>: Fix > for invalid pointer read that may cause a crash. Affects 0.104.1, 0.103.4 > and prior when ClamAV is compiled with libjson-c and the > CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json > option) is enabled. > > Cisco would like to thank Laurent Delosieres of ManoMano for reporting > this vulnerability. > - > > Fixed ability to disable the file size limit with libclamav C API, > like this: > > cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0); > > This issue didn't impact ClamD or ClamScan which also can disable the > limit by setting it to zero using MaxFileSize 0 in clamd.conf for > ClamD, or clamscan --max-filesize=0 for ClamScan. > > Note: Internally, the max file size is still set to 2 GiB. Disabling > the limit for a scan will fall back on the internal 2 GiB limitation. > - > > Increased the maximum line length for ClamAV config files from 512 > bytes to 1,024 bytes to allow for longer config option strings. > > Special thanks to the following for code contributions and bug reports: > > - Laurent Delosieres > > > > Micah Snyder > ClamAV Development > Talos > Cisco Systems, Inc. > > _______________________________________________ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml >
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
