Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Update from version 1.3.1 to 1.3.2 - Update of rootfile - 2 CVE Fixes - Changelog 1.3.2 - [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506): Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in: - 1.4.1 - 1.3.2 - 1.0.7 - 0.103.12 Thank you to Detlef for identifying this issue. - [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505): Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition. This issue affects all currently supported versions. It will be fixed in: - 1.4.1 - 1.3.2 - 1.0.7 - 0.103.12 Thank you to OSS-Fuzz for identifying this issue. - Removed unused Python modules from freshclam tests including deprecated 'cgi' module that is expected to cause test failures in Python 3.13. - Fix unit test caused by expiring signing certificate. - Backport of [GitHub pull request](Cisco-Talos/clamav#1305) - Fixed a build issue on Windows with newer versions of Rust. Also upgraded GitHub Actions imports to fix CI failures. Fixes courtesy of liushuyu. - Backport of [GitHub pull request](Cisco-Talos/clamav#1307) - Fixed an unaligned pointer dereference issue on select architectures. Fix courtesy of Sebastian Andrzej Siewior. - Backport of [GitHub pull request](Cisco-Talos/clamav#1293) - Fixes to Jenkins CI pipeline. For details, see [GitHub pull request](Cisco-Talos/clamav#1330) Signed-off-by: Adolf Belka <[email protected]> Signed-off-by: Michael Tremer <[email protected]>
- Loading branch information