Advisories ยป MGASA-2019-0328

Updated clamav packages fix security vulnerabilities

Publication date: 19 Nov 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-12625 , CVE-2019-12900


The updated packages fix security vulnerabilities:

ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability
where an unauthenticated attacker can cause a denial of service condition by
sending crafted messages to an affected system. (CVE-2019-12625)

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds
write when there are many selectors. (CVE-2019-12900)