Updated clamav packages fix security vulnerabilities
Publication date: 17 Sep 2024
Modification date: 17 Sep 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-20505, CVE-2024-20506
Description
Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition. (CVE-2024-20505)
Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. (CVE-2024-20506)
References
SRPMS
9/core
- clamav-1.0.7-1.mga9