Control: unfixed 888484 0.99.3~beta2+dfsg-1
Control: fixed 888511 0.99.3~beta2+dfsg-1

Hi

>>
>> We've started seeing unexpected clamd crashes on a high-traffic mail
>> system today, though I've been unable to isolate a test case. It seems like
>> too much of a coincidence that these crashes start happening the day after a
>> security release was announced. We've implemented mitigations but an updated
>> package would be even better.
>
> I *think* the crashes you observed might be due to FD desc issue. This
> was fixed in Stretch by chance but not in Jessie. However the remaining
> CVEs were not addressed yet and I'm looking into it…
>
> [0]
> http://blog.clamav.net/2018/01/update-on-recent-file-descriptors-issue.html

Indeed. There is a separate Bug#888511 for that, I have migrated the fixed
Version above to avoid confusion.

Are you sure about the Stretch thing? Stretch contains 0.99.2 which should be
affected by this bug. But I’m not 100% sure, as all my high traffic mail
gateways are still running Jessie. According to reports 0.99.3~beta2 was indeed
not affected by the signature bug, so Buster/Sid were fine.

What makes things even more confusing is that 0.99.3 does not contain this fix,
because 0.99.3 is 0.99.2+security fixes, while 0.99.3~beta was a development
tree that is now called 0.100 :-(

http://blog.clamav.net/2018/01/clamav-version-number-adjustment.html

Upstream announcement suggests you cannot do a clean switch from 0.99.3~beta to
0.99.3

  As previously mentioned, if you downloaded the beta version of ClamAV
  0.99.3, you will need to completely uninstall it and do a fresh install
  with the production version of 0.99.3 as there are significant code
  differences

Bernhard