ClamAV security update for Debian 11 LTS

Debian 10278 Published by

ClamAV packages have been updated for Debian GNU/Linux 11 (Buster) LTS to resolve two vulnerabilities.

[SECURITY] [DLA 3983-1] clamav security update




[SECURITY] [DLA 3983-1] clamav security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3983-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Lucas Kanashiro
December 04, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : clamav
Version : 1.0.7+dfsg-1~deb11u1
CVE ID : CVE-2024-20505 CVE-2024-20506
Debian Bug : #1080962

Two vulnerabilities were found in ClamAV, an antivirus toolkit for Unix.

CVE-2024-20505

Affected versions could allow an unauthenticated, remote attacker to cause
a denial of service (DoS) condition on an affected device. The
vulnerability is due to an out of bounds read. An attacker could exploit
this vulnerability by submitting a crafted PDF file to be scanned by ClamAV
on an affected device. An exploit could allow the attacker to terminate the
scanning process.

CVE-2024-20506

Affected versions could allow an authenticated, local attacker to corrupt
critical system files. The vulnerability is due to allowing the ClamD
process to write to its log file while privileged without checking if the
logfile has been replaced with a symbolic link. An attacker could exploit
this vulnerability if they replace the ClamD log file with a symlink to a
critical system file and then find a way to restart the ClamD process. An
exploit could allow the attacker to corrupt a critical system file by
appending ClamD log messages after restart.

ClamAV was updated to version 1.0.7+dfsg-1~deb10u1. Due to the library soname
bump, the reverse dependencies of libclamav9 were rebuilt against libclamav11.
The following source packages were updated:

- - c-icap-modules/1:0.5.4-2+deb11u1
- - cyrus-imapd/3.2.6-2+deb11u3
- - havp/0.93-2+deb11u1
- - pg-snakeoil/1.3-2+deb11u1
- - libclamunrar/1.0.3-1~deb11u1

For Debian 11 bullseye, these problems have been fixed in version
1.0.7+dfsg-1~deb11u1.

We recommend that you upgrade your clamav packages.

For the detailed security status of clamav please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/clamav

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Django, Apache Shiro, Ghostscript updates for Ubuntu

macOS Sequoia 15.2 RC and iOS 18.2 RC released

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...