Advisories » MGASA-2019-0361

Updated clamav packages fix security vulnerability

Publication date: 06 Dec 2019
Modification date: 06 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-15961

Description

The updated packages fix two packaging problems and a security
vulnerability:

A Denial-of-Service (DoS) vulnerability may occur when scanning a specially
crafted email file as a result of excessively long scan times.
(CVE-2019-15961)

The first packaging issue, in the configuration of clamav-daemon.socket,
leads to freshclam and amavis complaining about not being able to access
clamd socket.

The second packaging issue, in the names of systemd services, leads to
warnigs at the installation/update of clamav and clamd.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25754
• https://bugs.mageia.org/show_bug.cgi?id=25096
• https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15961

SRPMS

7/core

• clamav-0.101.5-1.1.mga7