Mageia 2021-0194: clamav security update
Summary
The updated packages fix a security vulnerability:
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV)
Software version 0.103.1 and all prior versions could allow an
unauthenticated, remote attacker to cause a denial of service condition
on an affected device. The vulnerability is due to improper variable
initialization that may result in an NULL pointer read. An attacker could
exploit this vulnerability by sending a crafted email to an affected
device. An exploit could allow the attacker to cause the ClamAV scanning
process crash, resulting in a denial of service condition (CVE-2021-1405).
Advisory text to describe the update.
Wrap lines at ~75 chars.
References
- https://bugs.mageia.org/show_bug.cgi?id=28786
- https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1405
Resolution
MGASA-2021-0194 - Updated clamav packages fix security vulnerability
SRPMS
- 8/core/clamav-0.103.2-1.mga8
- 7/core/clamav-0.103.2-1.mga7