Awesome

On Thu, Jan 13, 2022 at 10:31 AM Micah Snyder (micasnyd) <micas...@cisco.com>
wrote:

> Hi Jaspal,
>
> There was an issue with the release steps and the Docker image was missed
> yesterday.
> It has been fixed and the 0.104.2 image is now up on Docker Hub.
>
> 0.104.2:
> https://registry.hub.docker.com/layers/clamav/clamav/0.104.2/images/sha256-7177e1771bd696f9ff5acb97221107ab7d8961b1ab3b370cd1e24bf66cf02fe1?context=explore
>
> 0.104.2_base:
> https://registry.hub.docker.com/layers/clamav/clamav/0.104.2_base/images/sha256-8aea3e0f684f50402bd10456045eb3a3ad2772ecda99739100da9345b068e25c?context=explore
>
> The 0.104 / 0.104_base and latest / latest_base tags also point to the
> same 0.104.2 and 0.104.2_base images.
>
> Thanks for pointing out the issue!  Please reach out again if there is
> anything else.
>
> Regards,
> Micah
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> ------------------------------
> *From:* Jaspal Singh Sandhu <jsandhu2...@gmail.com>
> *Sent:* Thursday, January 13, 2022 9:13 AM
> *To:* ClamAV users ML <clamav-users@lists.clamav.net>
> *Cc:* ClamAV Announcements ML <clamav-annou...@lists.clamav.net>; ClamAV
> Development <clamav-de...@lists.clamav.net>; Micah Snyder (micasnyd) <
> micas...@cisco.com>
> *Subject:* Re: [clamav-users] ClamAV 0.103.5 and 0.104.2 security patch
> release; 0.102 past EOL
>
> Hi,
>
> We are using Docker Image for 1.104 version at Roberthalf. Is that image
> updated too with this patch?
> Thanks,
>
> Jaspal  Sandhu
>
>
> On Wed, Jan 12, 2022 at 12:13 PM Micah Snyder (micasnyd) via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> Find this announcement online at:
> https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html
>
>
> ClamAV versions 0.103.5 and 0.104.2 are now available for download on the
> clamav.net Downloads page <https://www.clamav.net/downloads>.
>
>
> We would also like to take this opportunity to remind users that versions
> 0.102 and 0.101 have reached their end-of-life period. *These versions
> exceeded our EOL dates on Jan. 3, 2022 and will soon be actively blocked
> from downloading signature database updates.*
>
>
> For additional details about ClamAV's end-of-life policy, please see our
> online documentation <https://docs.clamav.net/faq/faq-eol.html>.
>
>
> 0.103.5
>
> ClamAV 0.103.5 is a critical patch release with the following fixes:
>
>  - CVE-2022-20698
>    <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698>: Fix
>    for invalid pointer read that may cause a crash. This issue affects
>    0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the
>    CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json
>    option) is enabled.
>
>    Cisco would like to thank Laurent Delosieres of ManoMano for reporting
>    this vulnerability.
>
>  - Fixed ability to disable the file size limit with libclamav C API,
>    like this:
>
>      cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);
>
>    This issue didn't affect ClamD or ClamScan which also can disable the
>    limit by setting it to zero using MaxFileSize 0 in clamd.conf for
>    ClamD, or clamscan --max-filesize=0 for ClamScan.
>
>    Note: Internally, the max file size is still set to 2 GiB. Disabling
>    the limit for a scan will fall back on the internal 2 GiB limitation.
>
>  - Increased the maximum line length for ClamAV config files from 512
>    bytes to 1,024 bytes to allow for longer config option strings.
>
>  - SigTool: Fix insufficient buffer size for --list-sigs that caused a
>    failure when listing a database containing one or more very long
>    signatures. This fix was backported from 0.104.
>
> Special thanks to the following for code contributions and bug reports:
>
>    - Laurent Delosieres
>
> 0.104.2
>
> ClamAV 0.104.2 is a critical patch release with the following fixes:
>
>  - CVE-2022-20698
>    <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698>: Fix
>    for invalid pointer read that may cause a crash. Affects 0.104.1, 0.103.4
>    and prior when ClamAV is compiled with libjson-c and the
>    CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json
>    option) is enabled.
>
>    Cisco would like to thank Laurent Delosieres of ManoMano for reporting
>    this vulnerability.
>
>  - Fixed ability to disable the file size limit with libclamav C API,
>    like this:
>
>      cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);
>
>    This issue didn't impact ClamD or ClamScan which also can disable the
>    limit by setting it to zero using MaxFileSize 0 in clamd.conf for
>    ClamD, or clamscan --max-filesize=0 for ClamScan.
>
>    Note: Internally, the max file size is still set to 2 GiB. Disabling
>    the limit for a scan will fall back on the internal 2 GiB limitation.
>
>  - Increased the maximum line length for ClamAV config files from 512
>    bytes to 1,024 bytes to allow for longer config option strings.
>
> Special thanks to the following for code contributions and bug reports:
>
>    - Laurent Delosieres
>
>
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
> --
Thanks,

Jaspal  Sandhu
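
The affected-version ranges stated in the announcement above, turned into a check for triaging hosts or images. This is an added example, not part of the thread and not ClamAV project code; `classify_clamav` is a hypothetical helper name and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not ClamAV project code. classify_clamav is a hypothetical
# helper name. It checks the version condition only: CVE-2022-20698 also needs
# a libjson-c build with metadata collection (clamscan --gen-json) enabled.
classify_clamav() {
    ver=${1#"ClamAV "}      # strip the prefix printed by `clamscan --version`
    ver=${ver%%/*}          # strip "/<database version>/<database date>"
    ver=${ver%%[!0-9.]*}    # strip suffixes such as "-rc"
    case $ver in *.*) ;; *) echo "unknown"; return 0 ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;
    esac
    # Every component must be a non-empty run of digits.
    for part in "$major" "$minor" "$patch"; do
        case $part in ''|*[!0-9]*) echo "unknown"; return 0 ;; esac
    done
    if [ "$major" -ne 0 ] || [ "$minor" -gt 104 ]; then
        echo "not-listed"                    # outside what the announcement covers
    elif [ "$minor" -lt 103 ]; then
        case $minor in
            101|102) echo "affected eol" ;;  # named as past end-of-life
            *)       echo "affected" ;;      # "0.103.4 and prior"
        esac
    elif [ "$minor" -eq 103 ] && [ "$patch" -lt 5 ]; then
        echo "affected"                      # fixed in 0.103.5
    elif [ "$minor" -eq 104 ] && [ "$patch" -lt 2 ]; then
        echo "affected"                      # fixed in 0.104.2
    else
        echo "patched"
    fi
}

# Constructed sample inputs (not captured from real hosts).
for line in "ClamAV 0.103.4/26420/Wed Jan 12 09:21:57 2022" "ClamAV 0.104.2" "0.102.4"; do
    printf '%-48s %s\n' "$line" "$(classify_clamav "$line")"
done
```
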