[Pkg-clamav-devel] [Clamav-binary] ClamAV® blog: ClamAV 0.103.2 security patch release

Joel Esler (jesler) jesler at cisco.com
Wed Apr 7 19:06:13 BST 2021


> 
> https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
> 
> ClamAV 0.103.2 security patch release
> 
> Wednesday, April 7, 2021
> 
> ClamAV 0.103.2 is out now. Users can head over to clamav.net/downloads <https://www.clamav.net/downloads> to download the release materials.
> 
> ClamAV 0.103.2 is a security patch release with the following fixes:
> 
> CVE-2021-1386 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1386>: Fix for UnRAR DLL load privilege escalation. Affects 0.103.1 and prior on Windows only.
> 
> CVE-2021-1252 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1252>: Fix for Excel XLM parser infinite loop. Affects 0.103.0 and 0.103.1 only.
> 
> CVE-2021-1404 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1404>: Fix for PDF parser buffer over-read; possible crash. Affects 0.103.0 and 0.103.1 only.
> 
> CVE-2021-1405 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1405>: Fix for mail parser NULL-dereference crash. Affects 0.103.1 and prior.
> 
> Fix possible memory leak in PNG parser.
> 
> Fix ClamOnAcc scan on file-creation race condition so files are scanned after their contents are written.
> 
> FreshClam: Deprecate the SafeBrowsing config option. The SafeBrowsing option will no longer do anything.
> 
> For more details, see our blog post from last year about the future of the ClamAV Safe Browsing database <https://blog.clamav.net/2020/06/the-future-of-clamav-safebrowsing.html>.
> 
> Tip: If creating and hosting your own safebrowsing.gdb database, you can use the DatabaseCustomURL option in freshclam.conf to download it.
> 
> FreshClam: Improved HTTP 304, 403, & 429 handling.
> 
> FreshClam: Added back the mirrors.dat file to the database directory.
> 
> This new mirrors.dat file will store:
> - A randomly generated UUID for the FreshClam User-Agent.
> - A retry-after timestamp so that FreshClam won't try to update after having received an HTTP 429 response until the Retry-After timeout has expired.
> 
> FreshClam will now exit with a failure in daemon mode if an HTTP 403 (Forbidden) was received, because retrying later won't help any. The FreshClam user will have to take actions to get unblocked.
> 
> Fix the FreshClam mirror-sync issue where a downloaded database is "older than the version advertised."
> 
> If a new CVD download gets a version that is older than advertised, FreshClam will keep the older version and retry the update so that the incremental update process (CDIFF patch process) will update to the latest version.
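A first-pass triage of an inventory against the affected ranges listed in the announcement above. This is an added example, not code from ClamAV or from the original post; it assumes version strings in the form printed by `clamscan --version` or a Debian-style package version, and the hosts and banners are constructed sample data.

```python
import re

# Affected ranges exactly as stated in the 0.103.2 announcement.
# Fields: CVE id, issue, predicate on (major, minor, patch), Windows-only flag.
ADVISORIES = [
    ("CVE-2021-1386", "UnRAR DLL load privilege escalation",
     lambda v: v <= (0, 103, 1), True),
    ("CVE-2021-1252", "Excel XLM parser infinite loop",
     lambda v: v in {(0, 103, 0), (0, 103, 1)}, False),
    ("CVE-2021-1404", "PDF parser buffer over-read",
     lambda v: v in {(0, 103, 0), (0, 103, 1)}, False),
    ("CVE-2021-1405", "mail parser NULL-dereference crash",
     lambda v: v <= (0, 103, 1), False),
]

# Accepts "ClamAV 0.103.1/<db>/<date>" banners and bare "0.103.2+dfsg-1" strings.
_VERSION = re.compile(r"(?:ClamAV\s+)?(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(banner):
    """Extract (major, minor, patch) from a banner or package version string."""
    m = _VERSION.match(banner.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {banner!r}")
    return tuple(int(part or 0) for part in m.groups())

def applicable_cves(banner, platform):
    """Return the CVE ids from the announcement that apply to this install."""
    version = parse_version(banner)
    on_windows = platform.lower().startswith("win")
    return [cve for cve, _issue, affected, windows_only in ADVISORIES
            if affected(version) and (on_windows or not windows_only)]

# Constructed inventory rows (host, version string, platform); not real hosts.
INVENTORY = [
    ("mail-gw-1", "ClamAV 0.103.1/26132/Tue Apr  6 13:06:05 2021", "linux"),
    ("file-srv-2", "ClamAV 0.102.4/26132/Tue Apr  6 13:06:05 2021", "win32"),
    ("scan-3", "0.103.2+dfsg-1", "linux"),
]

if __name__ == "__main__":
    for host, banner, platform in INVENTORY:
        hits = applicable_cves(banner, platform)
        print(f"{host:12} {parse_version(banner)} -> {', '.join(hits) or 'none listed'}")
```

Distribution packages can carry backported fixes under an older upstream version number, so confirm any hit against the package changelog before treating the host as affected.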