git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commit

author	Matthias Fischer <matthias.fischer@ipfire.org>
	Tue, 12 May 2020 19:29:32 +0000 (21:29 +0200)
committer	Arne Fitzenreiter <arne_f@ipfire.org>
	Sun, 17 May 2020 07:58:37 +0000 (07:58 +0000)
commit	cb9fd5923b2e942de745218d75986ba7a6dd6df7
tree	95b0b7b3429b71ca43a893ef33451d9e25542b2e	tree \| snapshot
parent	dde7e22c44fb488ab2c801d5025f3dd8009f0cdb	commit \| diff

clamav: Update to 0.102.3

For details see:
https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html

"ClamAV 0.102.3 is a bug patch release to address the following issues.

- CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module
in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition.
Improper bounds checking of an unsigned variable results in an
out-of-bounds read which causes a crash.

- CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV
0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition.
Improper size checking of a buffer used to initialize AES decryption
routines results in an out-of-bounds read which may cause a crash. Bug
found by OSS-Fuzz.

- Fix "Attempt to allocate 0 bytes" error when parsing some PDF
documents.

- Fix a couple of minor memory leaks.

- Updated libclamunrar to UnRAR 5.9.2."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>