Unfortunately Ubuntu (22.04.1) has not released 0.103.7 since today... We
are on 0.103.6 and get always warnings from feshclam that we use an
outdated version 😔.... Don't know, when Ubuntu will push this fixed
version. I will really update, but when we don't get the new packages...
Am 15. Februar 2023 20:58:18 schrieb "Micah Snyder \(micasnyd\) via
clamav-users" <clamav-users@lists.clamav.net>:
Read this online at
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
-----------------
Today, we are releasing the following critical patch versions for ClamAV:
0.103.8
0.105.2
1.0.1
ClamAV 0.104 has reached end-of-life according to the
ClamAV End of Life (EOL) policy and will not be patched. Anyone using
ClamAV 0.104 must switch to a supported version. All users should update as
soon as possible to patch for two remote code execution vulnerabilities
that we recently discovered and patched.
The release files are available for download on
ClamAV.net, on the
Github Release page, and through Docker Hub.
1.0.1
ClamAV 1.0.1 is a critical patch release with the following fixes:
CVE-2023-20032: Fixed a possible remote code execution vulnerability in the
HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and
earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting
this issue.
CVE-2023-20052: Fixed a possible remote information leak vulnerability in
the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1
and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for
reporting this issue.
Fix an allmatch detection issue with the preclass bytecode hook.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/825
Update the vendored libmspack library to version 0.11alpha.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/828
0.105.2
ClamAV 0.105.2 is a critical patch release with the following fixes:
CVE-2023-20032: Fixed a possible remote code execution vulnerability in the
HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and
earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting
this issue.
CVE-2023-20052: Fixed a possible remote information leak vulnerability in
the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1
and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for
reporting this issue.
Fixed an issue loading Yara rules containing regex strings with an escaped
forward-slash (\/) followed by a colon (:).
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/695
Moved the ClamAV Docker files for building containers to a new Git
repository. The Docker files are now in
https://github.com/Cisco-Talos/clamav-docker. This change enables us to fix
issues with the images and with the supporting scripts used to publish and
update the images without committing changes directly to files in the
ClamAV release branches.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/765
Update the vendored libmspack library to version 0.11alpha.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/829
0.103.8
ClamAV 0.103.8 is a critical patch release with the following fixes:
CVE-2023-20032: Fixed a possible remote code execution vulnerability in the
HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and
earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting
this issue.
CVE-2023-20052: Fixed a possible remote information leak vulnerability in
the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1
and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for
reporting this issue.
Update the vendored libmspack library to version 0.11alpha.
GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/830
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
