
Mageia 9 MGASA-2024-0307 Moderate: Clamav DoS and Symlink Protection

September 17, 2024
This ClamAV update for Mageia 9 fixes a possible out-of-bounds read in the PDF file parser that could cause a denial-of-service (DoS) condition, and stops the logging module from following symlinks.

Summary

Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition. (CVE-2024-20505)

Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. (CVE-2024-20506)
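The CVE-2024-20506 change is about how a service opens its log file. The C example below is added here as an illustration and is not ClamAV's or Mageia's code: it shows one common way to get that behaviour on Linux, opening the log path with `O_NOFOLLOW` so the open is refused when the path is a symlink. The function names and the temporary demo paths are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a log for appending without following a symlink
 * at the final path component. O_NOFOLLOW does not cover parent directories,
 * so the log directory must still be writable only by the service account.
 * Returns an fd, or -1 with errno set (ELOOP on Linux for a symlink). */
int open_log_nofollow(const char *path)
{
    struct stat st;
    int flags = O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC | O_NONBLOCK;
    int fd = open(path, flags, 0640);
    if (fd < 0)
        return -1;
    /* Reject anything that is not a regular file (device node, FIFO, ...). */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Constructed demo in a private temp dir: a regular file must open, while a
 * symlink named like a log file must be refused. Returns 0 when both hold. */
int demo_symlinked_log(void)
{
    char dir[] = "/tmp/logdemoXXXXXX";
    char target[64], logpath[64];
    int fd, regular_ok, refused;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(logpath, sizeof logpath, "%s/clamd.log", dir);
    fd = open_log_nofollow(target);          /* plain file: accepted */
    regular_ok = (fd >= 0);
    if (fd >= 0) close(fd);
    if (symlink(target, logpath) != 0) return -1;
    errno = 0;
    fd = open_log_nofollow(logpath);         /* symlink: refused */
    refused = (fd < 0 && errno == ELOOP);
    if (fd >= 0) close(fd);
    unlink(logpath); unlink(target); rmdir(dir);
    return (regular_ok && refused) ? 0 : 1;
}
```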

References

- https://bugs.mageia.org/show_bug.cgi?id=33561

- https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html

- https://www.cve.org/CVERecord?id=CVE-2024-20505

- https://www.cve.org/CVERecord?id=CVE-2024-20506

Resolution

SRPMS

- 9/core/clamav-1.0.7-1.mga9

Publication date: 17 Sep 2024
URL: https://advisories.mageia.org/MGASA-2024-0307.html
Type: security
CVE: CVE-2024-20505, CVE-2024-20506
