ClamAV 0.100.1 is a hotfix release to patch a set of vulnerabilities.
• Fixes for the following CVE's:
• Fixes for a few additional bugs:
• Buffer over-read in unRAR code due to missing max value checks in table initialization. Reported by Rui Reis.
• Libmspack heap buffer over-read in CHM parser. Reported by Hanno Böck.
• PDF parser bugs reported by Alex Gaynor.
• Buffer length checks when reading integers from non-NULL terminated strings.
• Buffer length tracking when reading strings from dictionary objects.
• HTTPS support for clamsubmit.
• Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only. Patch provided by Guilherme Benkenstein.
Thank you to the following ClamAV community members for your code submissions and bug reports!
• Alex Gaynor
• Guilherme Benkenstein
• Hanno Böck
• Rui Reis
• Laurent Delosieres, Secunia Research at Flexera
Open Source, Design, Web, and Education