[clamav-users] ClamAV 0.103.8, 0.105.2 and 1.0.1 patch versions published

Newcomer01 newcomer01 at posteo.de
Wed Feb 15 20:11:07 UTC 2023


Unfortunately Ubuntu (22.04.1) has not released 0.103.7 as of today... We 
are on 0.103.6 and always get warnings from freshclam that we use an 
outdated version 😔.... Don't know when Ubuntu will push this fixed 
version. I will really update, but when we don't get the new packages...

On 15 February 2023 20:58:18, "Micah Snyder \(micasnyd\) via 
clamav-users" <clamav-users at lists.clamav.net> wrote:
> Read this online at
> https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
>
>
> -----------------
>
>
>
> Today, we are releasing the following critical patch versions for ClamAV:
>   0.103.8
>   0.105.2
>   1.0.1
> ClamAV 0.104 has reached end-of-life according to the ClamAV End of Life 
> (EOL) policy and will not be patched. Anyone using ClamAV 0.104 must 
> switch to a supported version. All users should update as soon as possible 
> to patch for two remote code execution vulnerabilities that we recently 
> discovered and patched.
> The release files are available for download on ClamAV.net, on the GitHub 
> Release page, and through Docker Hub.
> 1.0.1
> ClamAV 1.0.1 is a critical patch release with the following fixes:
> CVE-2023-20032: Fixed a possible remote code execution vulnerability in the 
> HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and 
> earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting 
> this issue.
> CVE-2023-20052: Fixed a possible remote information leak vulnerability in 
> the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 
> and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for 
> reporting this issue.
> Fix an allmatch detection issue with the preclass bytecode hook.
> GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/825
> Update the vendored libmspack library to version 0.11alpha.
> GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/828
> 0.105.2
> ClamAV 0.105.2 is a critical patch release with the following fixes:
> CVE-2023-20032: Fixed a possible remote code execution vulnerability in the 
> HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and 
> earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting 
> this issue.
> CVE-2023-20052: Fixed a possible remote information leak vulnerability in 
> the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 
> and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for 
> reporting this issue.
> Fixed an issue loading Yara rules containing regex strings with an escaped 
> forward-slash (\/) followed by a colon (:).
> GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/695
> Moved the ClamAV Docker files for building containers to a new Git 
> repository. The Docker files are now in 
> https://github.com/Cisco-Talos/clamav-docker. This change enables us to fix 
> issues with the images and with the supporting scripts used to publish and 
> update the images without committing changes directly to files in the 
> ClamAV release branches.
> GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/765
> Update the vendored libmspack library to version 0.11alpha.
> GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/829
> 0.103.8
> ClamAV 0.103.8 is a critical patch release with the following fixes:
> CVE-2023-20032: Fixed a possible remote code execution vulnerability in the 
> HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and 
> earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting 
> this issue.
> CVE-2023-20052: Fixed a possible remote information leak vulnerability in 
> the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 
> and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for 
> reporting this issue.
> Update the vendored libmspack library to version 0.11alpha.
> GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/830
>
>
>
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.

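A version check against the fixed releases listed in the announcement above, as an added example that is not part of the original messages or of ClamAV's own tooling. The function names, the status words and the sample banners are assumptions made for this example; the banner is taken to be the first line printed by `clamscan --version`.

```shell
#!/bin/sh
# Added example: classify a ClamAV version banner against the fixed releases
# named in the announcement (0.103.8, 0.105.2, 1.0.1; 0.104 is EOL, unpatched).
# Function names and status words are assumptions made for this example.

# ver_lt A B: succeed when dotted version A sorts strictly before B.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" |
            sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$1" ]
}

# clamav_patch_status BANNER: BANNER is the first line of `clamscan --version`.
# Prints patched | vulnerable | eol | not-listed | unknown.
clamav_patch_status() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^ClamAV \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return 2; }
    case "${ver%.*}" in                 # branch, e.g. 0.103.6 -> 0.103
        0.103) fixed=0.103.8 ;;
        0.105) fixed=0.105.2 ;;
        1.0)   fixed=1.0.1 ;;
        0.104) echo eol; return 1 ;;    # end-of-life, will not be patched
        *)  # Branch not named in the announcement: anything below 0.103.8
            # falls under "0.103.7 and earlier"; newer branches are not covered.
            if ver_lt "$ver" 0.103.8; then echo vulnerable; return 1; fi
            echo not-listed; return 0 ;;
    esac
    if ver_lt "$ver" "$fixed"; then echo vulnerable; return 1; fi
    echo patched
}

# Constructed sample banners (not captured output).
for banner in \
    "ClamAV 0.103.6/26812/Wed Feb 15 09:20:00 2023" \
    "ClamAV 0.103.8/26812/Wed Feb 15 09:20:00 2023" \
    "ClamAV 0.104.4/26812/Wed Feb 15 09:20:00 2023" \
    "ClamAV 1.0.0"
do
    printf '%s -> %s\n' "${banner%%/*}" "$(clamav_patch_status "$banner")"
done
```

The check compares upstream version strings only, so a distribution package that carries backported fixes under an older version number would still be reported as vulnerable.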