Hi Jaspal,

There was an issue with the release steps and the Docker image was missed 
yesterday.
It has been fixed and the 0.104.2 image is now up on Docker Hub.

0.104.2: 
https://registry.hub.docker.com/layers/clamav/clamav/0.104.2/images/sha256-7177e1771bd696f9ff5acb97221107ab7d8961b1ab3b370cd1e24bf66cf02fe1?context=explore

0.104.2_base: 
https://registry.hub.docker.com/layers/clamav/clamav/0.104.2_base/images/sha256-8aea3e0f684f50402bd10456045eb3a3ad2772ecda99739100da9345b068e25c?context=explore

The 0.104 / 0.104_base and latest / latest_base tags also point to the same 
0.104.2 and 0.104.2_base images.

Thanks for pointing out the issue!  Please reach out again if there is anything 
else.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: Jaspal Singh Sandhu <jsandhu2...@gmail.com>
Sent: Thursday, January 13, 2022 9:13 AM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: ClamAV Announcements ML <clamav-annou...@lists.clamav.net>; ClamAV 
Development <clamav-de...@lists.clamav.net>; Micah Snyder (micasnyd) 
<micas...@cisco.com>
Subject: Re: [clamav-users] ClamAV 0.103.5 and 0.104.2 security patch release; 
0.102 past EOL

Hi,

We are using Docker Image for 1.104 version at Roberthalf  Is that image 
updated too with this patch?
Thanks,

Jaspal  Sandhu


On Wed, Jan 12, 2022 at 12:13 PM Micah Snyder (micasnyd) via clamav-users 
<clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote:
Find this announcement online at: 
https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html


ClamAV versions 0.103.5 and 0.104.2 are now available for download on the 
clamav.net Downloads page<https://www.clamav.net/downloads>.


We would also like to take this opportunity to remind users that versions 0.102 
and 0.101 have reached their end-of-life period. These versions exceeded our 
EOL dates on Jan. 3, 2022 and will soon be actively blocked from downloading 
signature database updates.


For additional details about ClamAV's end-of-life policy, please see our online 
documentation<https://docs.clamav.net/faq/faq-eol.html>.


0.103.5

ClamAV 0.103.5 is a critical patch release with the following fixes:

  *   
CVE-2022-20698<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698>: 
Fix for invalid pointer read that may cause a crash. This issue affects 
0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the 
CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json option) 
is enabled.

Cisco would like to thank Laurent Delosieres of ManoMano for reporting this 
vulnerability.

  *   Fixed ability to disable the file size limit with libclamav C API, like 
this:

  cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);

This issue didn't affect ClamD or ClamScan which also can disable the limit by 
setting it to zero using MaxFileSize 0 in clamd.conf for ClamD, or clamscan 
--max-filesize=0 for ClamScan.

Note: Internally, the max file size is still set to 2 GiB. Disabling the limit 
for a scan will fall back on the internal 2 GiB limitation.

  *   Increased the maximum line length for ClamAV config files from 512 bytes 
to 1,024 bytes to allow for longer config option strings.

  *   SigTool: Fix insufficient buffer size for --list-sigs that caused a 
failure when listing a database containing one or more very long signatures. 
This fix was backported from 0.104.

Special thanks to the following for code contributions and bug reports:

  *   Laurent Delosieres

0.104.2

ClamAV 0.104.2 is a critical patch release with the following fixes:

  *   
CVE-2022-20698<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698>: 
Fix for invalid pointer read that may cause a crash. Affects 0.104.1, 0.103.4 
and prior when ClamAV is compiled with libjson-c and the 
CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json option) 
is enabled.

Cisco would like to thank Laurent Delosieres of ManoMano for reporting this 
vulnerability.

  *   Fixed ability to disable the file size limit with libclamav C API, like 
this:

  cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);

This issue didn't impact ClamD or ClamScan which also can disable the limit by 
setting it to zero using MaxFileSize 0 in clamd.conf for ClamD, or clamscan 
--max-filesize=0 for ClamScan.

Note: Internally, the max file size is still set to 2 GiB. Disabling the limit 
for a scan will fall back on the internal 2 GiB limitation.

  *   Increased the maximum line length for ClamAV config files from 512 bytes 
to 1,024 bytes to allow for longer config option strings.

Special thanks to the following for code contributions and bug reports:

  *   Laurent Delosieres


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to