[clamav-users] ClamAV 0.103.5 and 0.104.2 security patch release; 0.102 past EOL

Jaspal Singh Sandhu jsandhu2204 at gmail.com
Thu Jan 13 17:13:49 UTC 2022 

Hi,

We are using Docker Image for 1.104 version at Roberthalf  Is that image
updated too with this patch?
Thanks,

Jaspal  Sandhu


On Wed, Jan 12, 2022 at 12:13 PM Micah Snyder (micasnyd) via clamav-users <
clamav-users at lists.clamav.net> wrote:

> Find this announcement online at:
> https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html
>
>
> ClamAV versions 0.103.5 and 0.104.2 are now available for download on the clamav.net
> Downloads page <https://www.clamav.net/downloads>.
>
>
> We would also like to take this opportunity to remind users that versions
> 0.102 and 0.101 have reached their end-of-life period. *These versions
> exceeded our EOL dates on Jan. 3, 2022 and will soon be actively blocked
> from downloading signature database updates.*
>
>
> For additional details about ClamAV's end-of-life policy, please see our
> online documentation <https://docs.clamav.net/faq/faq-eol.html>.
>
>
> 0.103.5
>
> ClamAV 0.103.5 is a critical patch release with the following fixes:
>
>    -
>
>    CVE-2022-20698
>    <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698>: Fix
>    for invalid pointer read that may cause a crash. This issue affects
>    0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the
>    CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json
>    option) is enabled.
>
>    Cisco would like to thank Laurent Delosieres of ManoMano for reporting
>    this vulnerability.
>    -
>
>    Fixed ability to disable the file size limit with libclamav C API,
>    like this:
>
>      cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);
>
>    This issue didn't affect ClamD or ClamScan which also can disable the
>    limit by setting it to zero using MaxFileSize 0 in clamd.conf for
>    ClamD, or clamscan --max-filesize=0 for ClamScan.
>
>    Note: Internally, the max file size is still set to 2 GiB. Disabling
>    the limit for a scan will fall back on the internal 2 GiB limitation.
>    -
>
>    Increased the maximum line length for ClamAV config files from 512
>    bytes to 1,024 bytes to allow for longer config option strings.
>    -
>
>    SigTool: Fix insufficient buffer size for --list-sigs that caused a
>    failure when listing a database containing one or more very long
>    signatures. This fix was backported from 0.104.
>
> Special thanks to the following for code contributions and bug reports:
>
>    - Laurent Delosieres
>
> 0.104.2
>
> ClamAV 0.104.2 is a critical patch release with the following fixes:
>
>    -
>
>    CVE-2022-20698
>    <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698>: Fix
>    for invalid pointer read that may cause a crash. Affects 0.104.1, 0.103.4
>    and prior when ClamAV is compiled with libjson-c and the
>    CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json
>    option) is enabled.
>
>    Cisco would like to thank Laurent Delosieres of ManoMano for reporting
>    this vulnerability.
>    -
>
>    Fixed ability to disable the file size limit with libclamav C API,
>    like this:
>
>      cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);
>
>    This issue didn't impact ClamD or ClamScan which also can disable the
>    limit by setting it to zero using MaxFileSize 0 in clamd.conf for
>    ClamD, or clamscan --max-filesize=0 for ClamScan.
>
>    Note: Internally, the max file size is still set to 2 GiB. Disabling
>    the limit for a scan will fall back on the internal 2 GiB limitation.
>    -
>
>    Increased the maximum line length for ClamAV config files from 512
>    bytes to 1,024 bytes to allow for longer config option strings.
>
> Special thanks to the following for code contributions and bug reports:
>
>    - Laurent Delosieres
>
>
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20220113/55772bcf/attachment.htm>

More information about the clamav-users mailing list