Advisories » MGASA-2021-0194

Updated clamav packages fix security vulnerability

Publication date: 18 Apr 2021
Modification date: 22 Sep 2021
Type: security
Affected Mageia releases : 7 , 8
CVE: CVE-2021-1405

Description

The updated packages fix a security vulnerability:

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV)
Software version 0.103.1 and all prior versions could allow an
unauthenticated, remote attacker to cause a denial of service condition
on an affected device. The vulnerability is due to improper variable
initialization that may result in an NULL pointer read. An attacker could
exploit this vulnerability by sending a crafted email to an affected
device. An exploit could allow the attacker to cause the ClamAV scanning
process crash, resulting in a denial of service condition (CVE-2021-1405).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=28786
• https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1405

SRPMS

8/core

• clamav-0.103.2-1.mga8

7/core

• clamav-0.103.2-1.mga7