Advisory ROSA-SA-2024-2527

Software: clamav 0.103.11 OS: rosa-server79 packageevrstring: clamav-0.103.11-1.res7 CVE-ID: CVE-2023-20197 BDU-ID: 2023-04766 CVE-Crit: HIGH CVE-DESC.: A vulnerability in ClamAV's file system image parser for Hierarchical File System Plus HFS+ is related to incorrect resource scrubbing or freein...

Fedora: Security Advisory (FEDORA-2024-07342adb87)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-46989

In the Linux kernel, the following vulnerability has been resolved: hfsplus: prevent corruption in shrinking truncate I believe there are some issues introduced by commit 31651c607151 "hfsplus: avoid deadlock on file truncation" HFS+ has extent records which always contains 8 extents. In case the...

Updated clamav packages fix security vulnerability

A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is...

Amazon Linux AMI : clamav (ALAS-2023-1820)

The version of clamav installed on the remote host is prior to 0.103.9-1.55. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1820 advisory. A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could allow an unauthenticated,...

Mageia: Security Advisory (MGASA-2023-0257)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6342-2: Linux kernel (Azure)

Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. CVE-2023-20593 Zheng Zhang discovered that the device-mapper implementation in the Linux kernel...

Amazon Linux 2 : clamav (ALAS-2023-2233)

The version of clamav installed on the remote host is prior to 0.103.9-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2233 advisory. A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could allow an unauthenticated,...

Amazon Linux 2023 : clamav, clamav-data, clamav-devel (ALAS2023-2023-331)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-331 advisory. A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected...

Important: clamav

Issue Overview: A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for completion when a...

Important: clamav

Issue Overview: A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for completion when a...

ClamAV < 0.103.9 / 1.0.x < 1.0.2 / 1.1.x < 1.1.1 DoS

A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : clamav (SUSE-SU-2023:3456-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3456-1 advisory. - A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could...

SUSE SLES12 Security Update : clamav (SUSE-SU-2023:3435-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:3435-1 advisory. - A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could allow an unauthenticated, remote...

SUSE: Security Advisory (SUSE-SU-2023:3456-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3544-1] clamav security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-3544-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta August 28, 2023 https://wiki.debian.org/LTS -...

Debian dla-3544 : clamav - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3544 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3544-1 [email protected] https://www.debian.org/lts/security/...

Fedora 37 : clamav (2023-9f948bec13)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-9f948bec13 advisory. CVE-2023-20197 ClamAV File Scanning Infinite Loop Denial of Service Vulnerability Tenable has extracted the preceding description block directly fro...

Fedora 38 : clamav (2023-bf72d8833e)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-bf72d8833e advisory. CVE-2023-20197 ClamAV File Scanning Infinite Loop Denial of Service Vulnerability Tenable has extracted the preceding description block directly fro...

USN-6303-1: ClamAV vulnerability

It was discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service...