23 matches found
CLSA-2024-1725385588 clamav: Fix of 2 CVEs
Update to 0.103.11 - CVE-2023-20032: fix missing buffer size check that may result in a heap buffer overflow write - Don't apply clamav-check.patch and CVE-2022-20698.patch as they have already been applied in new 0.103.11 version - Don't apply clamav-clamonacc-service.patch since el6 doesn't...
clamav: Fix of 2 CVEs
Update to 0.103.11 - CVE-2023-20032: fix missing buffer size check that may result in a heap buffer overflow write - Don't apply clamav-check.patch and CVE-2022-20698.patch as they have already been applied in new 0.103.11 version - Don't apply clamav-clamonacc-service.patch since el6 doesn't...
QNAP QTS / QuTS hero Multiple Vulnerabilities in ClamAV (QSA-23-26)
The version of QNAP QTS / QuTS hero installed on the remote host is affected by multiple vulnerabilities as referenced in the QSA-23-26 advisory. - A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7and earlier could allow an...
Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 38 / 9.0.0 < 9.0.0 Patch 31 Multiple Vulnerabilities in ClamAV
According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities in the bundled ClamAV package, including: - A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could...
Security fix for the ALT Linux 8 package clamav version 0.103.8-alt1
0.103.8-alt1 built March 27, 2023 Sergey Y. Afonin in task 316773 March 9, 2023 Sergey Y. Afonin - 0.103.8 CVE-2023-20032, CVE-2023-20052...
CBL Mariner 2.0 Security Update: clamav (CVE-2023-20032)
The version of clamav installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-20032 advisory. - On February 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A...
Security fix for the ALT Linux 9 package clamav version 0.103.8-alt1
0.103.8-alt1 built March 17, 2023 Sergey Y. Afonin in task 316772 March 9, 2023 Sergey Y. Afonin - 0.103.8 CVE-2023-20032, CVE-2023-20052...
Security fix for the ALT Linux 10 package clamav version 0.103.8-alt1
0.103.8-alt1 built March 15, 2023 Sergey Y. Afonin in task 316417 March 9, 2023 Sergey Y. Afonin - 0.103.8 CVE-2023-20032, CVE-2023-20052...
ClamAV < 0.103.8 / 0.104.x < 0.105.2 / 1.0.0 Multiple Vulnerabilities
According to its version, the ClamAV clamd antivirus daemon running on the remote host is prior to 0.103.8, 0.104.x prior to 0.105.2, or 1.0.0. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1...
Ubuntu: Security Advisory (USN-5887-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : ClamAV vulnerabilities (USN-5887-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5887-1 advisory. Simon Scannell discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use th...
Amazon Linux AMI : clamav (ALAS-2023-1694)
The version of clamav installed on the remote host is prior to 0.103.8-1.52. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1694 advisory. Possible remote code execution vulnerability in the ClamAV HFS+ file parser. The issue affects ClamAV versions 1.0.0 an...
Amazon Linux 2 : clamav (ALAS-2023-1964)
The version of clamav installed on the remote host is prior to 0.103.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1964 advisory. Possible remote code execution vulnerability in the ClamAV HFS+ file parser. The issue affects ClamAV versions 1.0.0 and...
SUSE-SU-2023:0470-1 Security update for clamav
This update for clamav fixes the following issues: - CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser bsc1208363. - CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser bsc1208365...
Fedora 36 : clamav (2023-3ba365d538)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3ba365d538 advisory. - Fix daily.cvd file - Split out documentation into separate -doc sub-package - 2128276 Please port your pcre dependency to pcre2 - Explicit...
SUSE SLES12 Security Update : clamav (SUSE-SU-2023:0453-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0453-1 advisory. - CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser bsc1208363. - CVE-2023-20052: Fixed ...
[SECURITY] [DLA 3328-1] clamav security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3328-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 20, 2023 https://wiki.debian.org/LTS -...
Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software
Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. Tracked as CVE-2023-20032 CVSS score: 9.8, the issue relates to a case of remote code execution residing in the HFS...
Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software
Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. Tracked as CVE-2023-20032 CVSS score: 9.8, the issue relates to a case of remote code execution residing in the HFS...
CVE-2023-20032
CVE-2023-20032 affects ClamAV HFS+ parser: vulnerable in versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier due to a missing buffer size check that can cause a heap buffer overflow. An unauthenticated, remote attacker could trigger arbitrary code execution with the ClamAV sc...