--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2019-1543eae191
2019-12-04 01:14:42.699071
--------------------------------------------------------------------------------Name        : clamav
Product     : Fedora 31
Version     : 0.101.5
Release     : 1.fc31
URL         : https://www.clamav.net/
Summary     : End-user tools for the Clam Antivirus scanner
Description :
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this
software is the integration with mail servers (attachment scanning). The
package provides a flexible and scalable multi-threaded daemon, a command
line scanner, and a tool for automatic updating via Internet. The programs
are based on a shared library distributed with the Clam AntiVirus package,
which you can use with your own software. The virus database is based on
the virus database from OpenAntiVirus, but contains additional signatures
(including signatures for popular polymorphic viruses, too) and is KEPT UP
TO DATE.

--------------------------------------------------------------------------------Update Information:

- Drop clamd@scan.service file (bz#1725810)  ClamAV 0.101.5 is a security patch
release that addresses the following issues.  -       CVE-2019-15961:
A Denial-of-Service (DoS) vulnerability may occur when scanning a specially
crafted email file as a result of excessively long scan times. The issue is
resolved by implementing several maximums in parsing MIME messages and by
optimizing use of memory allocation. -   Added the zip scanning improvements
found in v0.102.0 where it scans files using zip records from a sorted catalogue
which provides deduplication of file records resulting in faster extraction and
scan time and reducing the likelihood of alerting on non-malicious duplicate
file entries as overlapping files. -   Signature load time is significantly
reduced by changing to a more efficient algorithm for loading signature patterns
and allocating the AC trie. Patch courtesy of Alberto Wu. -   Introduced a new
configure option to statically link libjson-c with libclamav. Static linking
with libjson is highly recommended to prevent crashes in applications that use
libclamav alongside another JSON parsing library. -    Null-dereference fix in
email parser when using the --gen-json metadata option.    ----  Add
TimeoutStartSec=420 to clamd@.service to match upstream
--------------------------------------------------------------------------------ChangeLog:

* Sat Nov 23 2019 Orion Poplawski  - 0.101.5-1
- Update to 0.101.5 (CVE-2019-15961) (bz#1775550)
* Mon Nov 18 2019 Orion Poplawski  - 0.101.4-3
- Drop clamd@scan.service file (bz#1725810)
- Change /var/run to /run
* Mon Nov 18 2019 Orion Poplawski  - 0.101.4-2
- Add TimeoutStartSec=420 to clamd@.service to match upstream (bz#1764835)
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #1631525 - clamav: clamscan --gen-json does not output JSON
        https://bugzilla.redhat.com/show_bug.cgi?id=1631525
  [ 2 ] Bug #1775550 - Request to build clamav 0.101.5 for EPEL 7
        https://bugzilla.redhat.com/show_bug.cgi?id=1775550
  [ 3 ] Bug #1725810 - /usr/lib/systemd/system/clamd@scan.service:1: .include directives are deprecated
        https://bugzilla.redhat.com/show_bug.cgi?id=1725810
  [ 4 ] Bug #1764835 - clamd at 100% CPU and SystemD keeps restarting clamd
        https://bugzilla.redhat.com/show_bug.cgi?id=1764835
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-1543eae191' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Fedora 31: clamav FEDORA-2019-1543eae191

December 3, 2019
- Drop clamd@scan.service file (bz#1725810) ClamAV 0.101.5 is a security patch release that addresses the following issues

Summary

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this

software is the integration with mail servers (attachment scanning). The

package provides a flexible and scalable multi-threaded daemon, a command

line scanner, and a tool for automatic updating via Internet. The programs

are based on a shared library distributed with the Clam AntiVirus package,

which you can use with your own software. The virus database is based on

the virus database from OpenAntiVirus, but contains additional signatures

(including signatures for popular polymorphic viruses, too) and is KEPT UP

TO DATE.

- Drop clamd@scan.service file (bz#1725810) ClamAV 0.101.5 is a security patch

release that addresses the following issues. - CVE-2019-15961:

A Denial-of-Service (DoS) vulnerability may occur when scanning a specially

crafted email file as a result of excessively long scan times. The issue is

resolved by implementing several maximums in parsing MIME messages and by

optimizing use of memory allocation. - Added the zip scanning improvements

found in v0.102.0 where it scans files using zip records from a sorted catalogue

which provides deduplication of file records resulting in faster extraction and

scan time and reducing the likelihood of alerting on non-malicious duplicate

file entries as overlapping files. - Signature load time is significantly

reduced by changing to a more efficient algorithm for loading signature patterns

and allocating the AC trie. Patch courtesy of Alberto Wu. - Introduced a new

configure option to statically link libjson-c with libclamav. Static linking

with libjson is highly recommended to prevent crashes in applications that use

libclamav alongside another JSON parsing library. - Null-dereference fix in

email parser when using the --gen-json metadata option. ---- Add

TimeoutStartSec=420 to clamd@.service to match upstream

* Sat Nov 23 2019 Orion Poplawski - 0.101.5-1

- Update to 0.101.5 (CVE-2019-15961) (bz#1775550)

* Mon Nov 18 2019 Orion Poplawski - 0.101.4-3

- Drop clamd@scan.service file (bz#1725810)

- Change /var/run to /run

* Mon Nov 18 2019 Orion Poplawski - 0.101.4-2

- Add TimeoutStartSec=420 to clamd@.service to match upstream (bz#1764835)

[ 1 ] Bug #1631525 - clamav: clamscan --gen-json does not output JSON

https://bugzilla.redhat.com/show_bug.cgi?id=1631525

[ 2 ] Bug #1775550 - Request to build clamav 0.101.5 for EPEL 7

https://bugzilla.redhat.com/show_bug.cgi?id=1775550

[ 3 ] Bug #1725810 - /usr/lib/systemd/system/clamd@scan.service:1: .include directives are deprecated

https://bugzilla.redhat.com/show_bug.cgi?id=1725810

[ 4 ] Bug #1764835 - clamd at 100% CPU and SystemD keeps restarting clamd

https://bugzilla.redhat.com/show_bug.cgi?id=1764835

su -c 'dnf upgrade --advisory FEDORA-2019-1543eae191' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

FEDORA-2019-1543eae191 2019-12-04 01:14:42.699071 Product : Fedora 31 Version : 0.101.5 Release : 1.fc31 URL : https://www.clamav.net/ Summary : End-user tools for the Clam Antivirus scanner Description : Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. - Drop clamd@scan.service file (bz#1725810) ClamAV 0.101.5 is a security patch release that addresses the following issues. - CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. - Added the zip scanning improvements found in v0.102.0 where it scans files using zip records from a sorted catalogue which provides deduplication of file records resulting in faster extraction and scan time and reducing the likelihood of alerting on non-malicious duplicate file entries as overlapping files. - Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu. - Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library. - Null-dereference fix in email parser when using the --gen-json metadata option. ---- Add TimeoutStartSec=420 to clamd@.service to match upstream * Sat Nov 23 2019 Orion Poplawski - 0.101.5-1 - Update to 0.101.5 (CVE-2019-15961) (bz#1775550) * Mon Nov 18 2019 Orion Poplawski - 0.101.4-3 - Drop clamd@scan.service file (bz#1725810) - Change /var/run to /run * Mon Nov 18 2019 Orion Poplawski - 0.101.4-2 - Add TimeoutStartSec=420 to clamd@.service to match upstream (bz#1764835) [ 1 ] Bug #1631525 - clamav: clamscan --gen-json does not output JSON https://bugzilla.redhat.com/show_bug.cgi?id=1631525 [ 2 ] Bug #1775550 - Request to build clamav 0.101.5 for EPEL 7 https://bugzilla.redhat.com/show_bug.cgi?id=1775550 [ 3 ] Bug #1725810 - /usr/lib/systemd/system/clamd@scan.service:1: .include directives are deprecated https://bugzilla.redhat.com/show_bug.cgi?id=1725810 [ 4 ] Bug #1764835 - clamd at 100% CPU and SystemD keeps restarting clamd https://bugzilla.redhat.com/show_bug.cgi?id=1764835 su -c 'dnf upgrade --advisory FEDORA-2019-1543eae191' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Change Log

References

Update Instructions

Severity
Product : Fedora 31
Version : 0.101.5
Release : 1.fc31
URL : https://www.clamav.net/
Summary : End-user tools for the Clam Antivirus scanner

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved