[Pkg-clamav-devel] Bug#986622: ClamAV 0.103.2 security patch release
Ralf Hildebrandt
Ralf.Hildebrandt at charite.de
Thu Apr 8 09:11:51 BST 2021
Package: clamav
Version: 0.103.0+dfsg-3.1
ClamAV 0.103.2 is a security patch release with the following fixes:
CVE-2021-1252 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1252>:
Fix for Excel XLM parser infinite loop. Affects 0.103.0 and 0.103.1 only.
CVE-2021-1404 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1404>:
Fix for PDF parser buffer over-read; possible crash. Affects 0.103.0 and 0.103.1 only.
CVE-2021-1405 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1405>:
Fix for mail parser NULL-dereference crash. Affects 0.103.1 and prior.
CVE-2021-1386 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1386>:
Fix for UnRAR DLL load privilege escalation. Affects 0.103.1 and prior on Windows only.
More information about the Pkg-clamav-devel
mailing list