|
|
|
|
@ -7,6 +7,34 @@ differ slightly from third-party binary packages. |
|
|
|
|
|
|
|
|
|
ClamAV 1.3.2 is a patch release with the following fixes: |
|
|
|
|
|
|
|
|
|
- [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506): |
|
|
|
|
Changed the logging module to disable following symlinks on Linux and Unix |
|
|
|
|
systems so as to prevent an attacker with existing access to the 'clamd' or |
|
|
|
|
'freshclam' services from using a symlink to corrupt system files. |
|
|
|
|
|
|
|
|
|
This issue affects all currently supported versions. It will be fixed in: |
|
|
|
|
- 1.4.1 |
|
|
|
|
- 1.3.2 |
|
|
|
|
- 1.0.7 |
|
|
|
|
- 0.103.12 |
|
|
|
|
|
|
|
|
|
Thank you to Detlef for identifying this issue. |
|
|
|
|
|
|
|
|
|
- [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505): |
|
|
|
|
Fixed a possible out-of-bounds read bug in the PDF file parser that could |
|
|
|
|
cause a denial-of-service (DoS) condition. |
|
|
|
|
|
|
|
|
|
This issue affects all currently supported versions. It will be fixed in: |
|
|
|
|
- 1.4.1 |
|
|
|
|
- 1.3.2 |
|
|
|
|
- 1.0.7 |
|
|
|
|
- 0.103.12 |
|
|
|
|
|
|
|
|
|
Thank you to OSS-Fuzz for identifying this issue. |
|
|
|
|
|
|
|
|
|
- Removed unused Python modules from freshclam tests including deprecated |
|
|
|
|
'cgi' module that is expected to cause test failures in Python 3.13. |
|
|
|
|
|
|
|
|
|
- Fix unit test caused by expiring signing certificate. |
|
|
|
|
- Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1305) |
|
|
|
|
|
|
|
|
|
|
Micah Snyder
9 months ago