- Update from version 1.3.1 to 1.3.2 - Update of rootfile - 2 CVE Fixes - Changelog 1.3.2 - [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506): Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in: - 1.4.1 - 1.3.2 - 1.0.7 - 0.103.12 Thank you to Detlef for identifying this issue. - [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505): Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition. This issue affects all currently supported versions. It will be fixed in: - 1.4.1 - 1.3.2 - 1.0.7 - 0.103.12 Thank you to OSS-Fuzz for identifying this issue. - Removed unused Python modules from freshclam tests including deprecated 'cgi' module that is expected to cause test failures in Python 3.13. - Fix unit test caused by expiring signing certificate. - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1305) - Fixed a build issue on Windows with newer versions of Rust. Also upgraded GitHub Actions imports to fix CI failures. Fixes courtesy of liushuyu. - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1307) - Fixed an unaligned pointer dereference issue on select architectures. Fix courtesy of Sebastian Andrzej Siewior. - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1293) - Fixes to Jenkins CI pipeline. For details, see [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1330)
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/packages/clamav | 4 ++-- lfs/clamav | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav index 2c7242d7e..f8deb9479 100644 --- a/config/rootfiles/packages/clamav +++ b/config/rootfiles/packages/clamav @@ -105,14 +105,13 @@ usr/sbin/clamd #usr/share/doc/ClamAV/html/images #usr/share/doc/ClamAV/html/images/change-fork-name.png #usr/share/doc/ClamAV/html/images/cisco.png +#usr/share/doc/ClamAV/html/images/clamav-git-workflow.png #usr/share/doc/ClamAV/html/images/clone-your-fork.png #usr/share/doc/ClamAV/html/images/create-a-fork.png #usr/share/doc/ClamAV/html/images/demon.png #usr/share/doc/ClamAV/html/images/flamegraph.svg #usr/share/doc/ClamAV/html/images/fork-is-behind.png #usr/share/doc/ClamAV/html/images/logo.png -#usr/share/doc/ClamAV/html/images/new-git-workflow.png -#usr/share/doc/ClamAV/html/images/old-git-workflow.png #usr/share/doc/ClamAV/html/index.html #usr/share/doc/ClamAV/html/manual #usr/share/doc/ClamAV/html/manual/Development @@ -163,6 +162,7 @@ usr/sbin/clamd #usr/share/doc/ClamAV/html/manual/Usage/Scanning.html #usr/share/doc/ClamAV/html/manual/Usage/Services.html #usr/share/doc/ClamAV/html/manual/Usage/SignatureManagement.html +#usr/share/doc/ClamAV/html/manual/cisco-talos.gpg #usr/share/doc/ClamAV/html/mark.min.js #usr/share/doc/ClamAV/html/mode-rust.js #usr/share/doc/ClamAV/html/print.html diff --git a/lfs/clamav b/lfs/clamav index 32b4aa4f9..f98d52532 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -26,7 +26,7 @@ include Config
SUMMARY = Antivirus Toolkit
-VER = 1.3.1 +VER = 1.3.2
THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 72 +PAK_VER = 73
DEPS =
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 49fc5f2f9b4497c095c4d19f86ebcdbcd49cac0e1355c0dbaba8bd56cbbc5af94404b6e6b04fbfb5e3d4364b7ff110b8461f93ba485ddc3f6b56cd86dbe4b362 +$(DL_FILE)_BLAKE2 = 65f5e951a0c8b506e4975a7f5ffcf2c0402907ac528075362efd39fece1325ca05127b89a8ae7dcb638577b441af20aed7ab233e5b73d33f5daa0f793e6416e8
install : $(TARGET)