[SECURITY] [DLA 3544-1] clamav security update

2023-08-2801:27:54

lists.debian.org

filesystem

clamav

hfs+

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.0%

JSON

Debian LTS Advisory DLA-3544-1 [email protected]
https://www.debian.org/lts/security/ Utkarsh Gupta
August 28, 2023 https://wiki.debian.org/LTS

Package : clamav
Version : 0.103.9+dfsg-0+deb10u1
CVE ID : CVE-2023-20197
Debian Bug : 1050057

A vulnerability in the filesystem image parser for Hierarchical File
System Plus (HFS+) of ClamAV, an anti-virus utility for Unix, could
allow an unauthenticated, remote attacker to cause a denial of service
(DoS) condition on an affected device.

For Debian 10 buster, this problem has been fixed in new upstream
version 0.103.9+dfsg-0+deb10u1.

We recommend that you upgrade your clamav packages.

For the detailed security status of clamav please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/clamav

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian11armellibclamav9< 0.103.9+dfsg-0+deb11u1libclamav9_0.103.9+dfsg-0+deb11u1_armel.deb
Debian11armhfclamdscan< 0.103.9+dfsg-0+deb11u1clamdscan_0.103.9+dfsg-0+deb11u1_armhf.deb
Debian10arm64clamav-milter-dbgsym< 0.103.9+dfsg-0+deb10u1clamav-milter-dbgsym_0.103.9+dfsg-0+deb10u1_arm64.deb
Debian12mips64elclamav-dbgsym< 1.0.2+dfsg-1~deb12u1clamav-dbgsym_1.0.2+dfsg-1~deb12u1_mips64el.deb
Debian10arm64clamav-dbgsym< 0.103.9+dfsg-0+deb10u1clamav-dbgsym_0.103.9+dfsg-0+deb10u1_arm64.deb
Debian11s390xclamav-dbgsym< 0.103.9+dfsg-0+deb11u1clamav-dbgsym_0.103.9+dfsg-0+deb11u1_s390x.deb
Debian12i386clamav< 1.0.2+dfsg-1~deb12u1clamav_1.0.2+dfsg-1~deb12u1_i386.deb
Debian12arm64clamav-freshclam< 1.0.2+dfsg-1~deb12u1clamav-freshclam_1.0.2+dfsg-1~deb12u1_arm64.deb
Debian10armhfclamav-milter-dbgsym< 0.103.9+dfsg-0+deb10u1clamav-milter-dbgsym_0.103.9+dfsg-0+deb10u1_armhf.deb
Debian11arm64libclamav-dev< 0.103.9+dfsg-0+deb11u1libclamav-dev_0.103.9+dfsg-0+deb11u1_arm64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	armel	libclamav9	< 0.103.9+dfsg-0+deb11u1	libclamav9_0.103.9+dfsg-0+deb11u1_armel.deb
Debian	11	armhf	clamdscan	< 0.103.9+dfsg-0+deb11u1	clamdscan_0.103.9+dfsg-0+deb11u1_armhf.deb
Debian	10	arm64	clamav-milter-dbgsym	< 0.103.9+dfsg-0+deb10u1	clamav-milter-dbgsym_0.103.9+dfsg-0+deb10u1_arm64.deb
Debian	12	mips64el	clamav-dbgsym	< 1.0.2+dfsg-1~deb12u1	clamav-dbgsym_1.0.2+dfsg-1~deb12u1_mips64el.deb
Debian	10	arm64	clamav-dbgsym	< 0.103.9+dfsg-0+deb10u1	clamav-dbgsym_0.103.9+dfsg-0+deb10u1_arm64.deb
Debian	11	s390x	clamav-dbgsym	< 0.103.9+dfsg-0+deb11u1	clamav-dbgsym_0.103.9+dfsg-0+deb11u1_s390x.deb
Debian	12	i386	clamav	< 1.0.2+dfsg-1~deb12u1	clamav_1.0.2+dfsg-1~deb12u1_i386.deb
Debian	12	arm64	clamav-freshclam	< 1.0.2+dfsg-1~deb12u1	clamav-freshclam_1.0.2+dfsg-1~deb12u1_arm64.deb
Debian	10	armhf	clamav-milter-dbgsym	< 0.103.9+dfsg-0+deb10u1	clamav-milter-dbgsym_0.103.9+dfsg-0+deb10u1_armhf.deb
Debian	11	arm64	libclamav-dev	< 0.103.9+dfsg-0+deb11u1	libclamav-dev_0.103.9+dfsg-0+deb11u1_arm64.deb