* Re: [PATCH] clamav: Update to 0.102.3
@ 2020-05-13 22:04 Michael Tremer
From: Michael Tremer @ 2020-05-13 22:04 UTC
To: development
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
> On 12 May 2020, at 20:29, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
>
> For details see:
> https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
>
> "ClamAV 0.102.3 is a bug patch release to address the following issues.
>
> - CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module
> in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition.
> Improper bounds checking of an unsigned variable results in an
> out-of-bounds read which causes a crash.
>
> - CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV
> 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition.
> Improper size checking of a buffer used to initialize AES decryption
> routines results in an out-of-bounds read which may cause a crash. Bug
> found by OSS-Fuzz.
>
> - Fix "Attempt to allocate 0 bytes" error when parsing some PDF
> documents.
>
> - Fix a couple of minor memory leaks.
>
> - Updated libclamunrar to UnRAR 5.9.2."
>
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> ---
> lfs/clamav | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/lfs/clamav b/lfs/clamav
> index 4688f0fb8..d1dce39ab 100644
> --- a/lfs/clamav
> +++ b/lfs/clamav
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 0.102.2
> +VER = 0.102.3
>
> THISAPP = clamav-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
> DIR_APP = $(DIR_SRC)/$(THISAPP)
> TARGET = $(DIR_INFO)/$(THISAPP)
> PROG = clamav
> -PAK_VER = 50
> +PAK_VER = 51
>
> DEPS =
>
> @@ -50,7 +50,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_MD5 = ecf5dd2c5c43aeed1c4b458b2e689847
> +$(DL_FILE)_MD5 = 1577144c66f558fbd8ece3075ea2ac79
>
> install : $(TARGET)
>
> --
> 2.17.1
* Re: [PATCH] clamav: Update to 0.102.3
@ 2020-05-13 22:01 Michael Tremer
From: Michael Tremer @ 2020-05-13 22:01 UTC
To: development
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
> On 12 May 2020, at 20:29, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
>
> For details see:
> https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
>
> "ClamAV 0.102.3 is a bug patch release to address the following issues.
>
> - CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module
> in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition.
> Improper bounds checking of an unsigned variable results in an
> out-of-bounds read which causes a crash.
>
> - CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV
> 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition.
> Improper size checking of a buffer used to initialize AES decryption
> routines results in an out-of-bounds read which may cause a crash. Bug
> found by OSS-Fuzz.
>
> - Fix "Attempt to allocate 0 bytes" error when parsing some PDF
> documents.
>
> - Fix a couple of minor memory leaks.
>
> - Updated libclamunrar to UnRAR 5.9.2."
>
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> ---
> lfs/clamav | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/lfs/clamav b/lfs/clamav
> index 4688f0fb8..d1dce39ab 100644
> --- a/lfs/clamav
> +++ b/lfs/clamav
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 0.102.2
> +VER = 0.102.3
>
> THISAPP = clamav-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
> DIR_APP = $(DIR_SRC)/$(THISAPP)
> TARGET = $(DIR_INFO)/$(THISAPP)
> PROG = clamav
> -PAK_VER = 50
> +PAK_VER = 51
>
> DEPS =
>
> @@ -50,7 +50,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_MD5 = ecf5dd2c5c43aeed1c4b458b2e689847
> +$(DL_FILE)_MD5 = 1577144c66f558fbd8ece3075ea2ac79
>
> install : $(TARGET)
>
> --
> 2.17.1
* [PATCH] clamav: Update to 0.102.3
@ 2020-05-12 19:29 Matthias Fischer
From: Matthias Fischer @ 2020-05-12 19:29 UTC
To: development
For details see:
https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
"ClamAV 0.102.3 is a bug patch release to address the following issues.
- CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module
in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition.
Improper bounds checking of an unsigned variable results in an
out-of-bounds read which causes a crash.
- CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV
0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition.
Improper size checking of a buffer used to initialize AES decryption
routines results in an out-of-bounds read which may cause a crash. Bug
found by OSS-Fuzz.
- Fix "Attempt to allocate 0 bytes" error when parsing some PDF
documents.
- Fix a couple of minor memory leaks.
- Updated libclamunrar to UnRAR 5.9.2."
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
lfs/clamav | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/clamav b/lfs/clamav
index 4688f0fb8..d1dce39ab 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -24,7 +24,7 @@
include Config
-VER = 0.102.2
+VER = 0.102.3
THISAPP = clamav-$(VER)
DL_FILE = $(THISAPP).tar.gz
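Review bot: at the VER line, the bump from 0.102.2 to 0.102.3 is a security update (the message lists CVE-2020-3327 and CVE-2020-3341), but the subject only reads "Update to 0.102.3". Consider marking the subject as a security fix so the change stands out in the log to anyone deciding what to ship first.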
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = clamav
-PAK_VER = 50
+PAK_VER = 51
DEPS =
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = ecf5dd2c5c43aeed1c4b458b2e689847
+$(DL_FILE)_MD5 = 1577144c66f558fbd8ece3075ea2ac79
install : $(TARGET)
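Review bot: the new $(DL_FILE)_MD5 value is the only integrity check visible for the tarball, and MD5 is not collision-resistant. Since DL_FROM = $(URL_IPFIRE) fetches the project's mirror copy rather than upstream, please state in the commit message that the 0.102.3 tarball was verified against upstream's release signature (or a stronger published digest) before this sum was computed. If the lfs format accepts a stronger digest next to _MD5, adding it in this hunk would be preferable.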
--
2.17.1