Linux Security
    Linux Security
    Linux Security

    Mageia 2020-0322: clamav security update

    Date
    60
    Posted By
    A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that
    MGASA-2020-0322 - Updated clamav packages fix security vulnerability
    
    Publication date: 18 Aug 2020
    URL: https://advisories.mageia.org/MGASA-2020-0322.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2020-3350,
         CVE-2020-3481
    
    A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam
    AntiVirus could allow an authenticated, local attacker to cause the running
    software to delete arbitrary files on the system. The vulnerability is due to a
    race condition that could occur when scanning malicious files. An attacker with
    local shell access could exploit this vulnerability by executing a script that
    could trigger the race condition. A successful exploit could allow the attacker
    to delete arbitrary files on the system that the attacker would not normally
    have privileges to delete, producing system instability or causing the endpoint
    software to stop working. (CVE-2020-3350)
    
    A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV)
    Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote
    attacker to cause a denial of service condition on an affected device. The
    vulnerability is due to a null pointer dereference. An attacker could exploit
    this vulnerability by sending a crafted EGG file to an affected device. An
    exploit could allow the attacker to cause the ClamAV scanning process crash,
    resulting in a denial of service condition. (CVE-2020-3481)
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=27020
    - https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
    - https://ubuntu.com/security/notices/USN-4435-1
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3350
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3481
    
    SRPMS:
    - 7/core/clamav-0.102.4-1.mga7
    

    Advisories

    LinuxSecurity Poll

    Which statement best describes how you feel about the recent Linux 5.9 release?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/40-what-change-are-you-most-excited-about-in-linux-5-9?task=poll.vote&format=json
    40
    radio
    [{"id":"140","title":"Not a game-changer for me.","votes":"1","type":"x","order":"1","pct":16.67,"resources":[]},{"id":"141","title":"I'm happy with the performance improvements it offers.","votes":"5","type":"x","order":"2","pct":83.33,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.