ClamAV 0.101.5 security patch addressing DoS, zip scanning improvements, signature load time optimization, and static linking with libjson-c
Reporter | Title | Published | Views | Family All 58 |
---|---|---|---|---|
Ubuntu | ClamAV vulnerability | 23 Jan 202000:00 | – | ubuntu |
Ubuntu | ClamAV vulnerability | 8 Jan 202000:00 | – | ubuntu |
SUSE Linux | Security update for clamav (important) | 11 Dec 201900:00 | – | suse |
SUSE Linux | Security update for clamav (moderate) | 17 Dec 202000:00 | – | suse |
SUSE Linux | Security update for clamav (moderate) | 18 Dec 202000:00 | – | suse |
Fedora | [SECURITY] Fedora 31 Update: clamav-0.101.5-1.fc31 | 4 Dec 201901:15 | – | fedora |
Fedora | [SECURITY] Fedora 30 Update: clamav-0.101.5-1.fc30 | 1 Dec 201901:04 | – | fedora |
Amazon | Medium: clamav | 14 Jan 202018:11 | – | amazon |
OpenVAS | Fedora Update for clamav FEDORA-2019-dcbfe89e39 | 4 Dec 201900:00 | – | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2019:14236-1) | 9 Jun 202100:00 | – | openvas |
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2019-dcbfe89e39.
#
include('compat.inc');
if (description)
{
script_id(131462);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/09");
script_cve_id("CVE-2019-15961");
script_xref(name:"FEDORA", value:"2019-dcbfe89e39");
script_name(english:"Fedora 30 : clamav (2019-dcbfe89e39)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
script_set_attribute(attribute:"description", value:
"- Drop [email protected] file (bz#1725810)
ClamAV 0.101.5 is a security patch release that addresses the
following issues.
- CVE-2019-15961: A Denial-of-Service (DoS) vulnerability
may occur when scanning a specially crafted email file
as a result of excessively long scan times. The issue is
resolved by implementing several maximums in parsing
MIME messages and by optimizing use of memory
allocation.
- Added the zip scanning improvements found in v0.102.0
where it scans files using zip records from a sorted
catalogue which provides deduplication of file records
resulting in faster extraction and scan time and
reducing the likelihood of alerting on non-malicious
duplicate file entries as overlapping files.
- Signature load time is significantly reduced by changing
to a more efficient algorithm for loading signature
patterns and allocating the AC trie. Patch courtesy of
Alberto Wu.
- Introduced a new configure option to statically link
libjson-c with libclamav. Static linking with libjson is
highly recommended to prevent crashes in applications
that use libclamav alongside another JSON parsing
library.
- Null-dereference fix in email parser when using the
--gen-json metadata option.
----
Add TimeoutStartSec=420 to [email protected] to match upstream
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-dcbfe89e39");
script_set_attribute(attribute:"solution", value:
"Update the affected clamav package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-15961");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/15");
script_set_attribute(attribute:"patch_publication_date", value:"2019/12/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC30", reference:"clamav-0.101.5-1.fc30")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo