Updated clamav packages fix security vulnerabilities
Publication date: 24 Feb 2024Modification date: 24 Feb 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-20290 , CVE-2024-20328
Description
The updated packages fix security vulnerabilities:
A possible heap overflow read bug in the OLE2 file parser that could
cause a denial-of-service (DoS) condition. (CVE-2024-20290)
A possible command injection vulnerability in the "VirusEvent" feature
of ClamAV's ClamD service. (CVE-2024-20328)
References
SRPMS
9/core
- clamav-1.0.5-1.mga9