A clamav security update has been released for Fedora 31
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-1543eae191
2019-12-04 01:14:42.699071
--------------------------------------------------------------------------------
Name : clamav
Product : Fedora 31
Version : 0.101.5
Release : 1.fc31
URL : https://www.clamav.net/
Summary : End-user tools for the Clam Antivirus scanner
Description :
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this
software is the integration with mail servers (attachment scanning). The
package provides a flexible and scalable multi-threaded daemon, a command
line scanner, and a tool for automatic updating via Internet. The programs
are based on a shared library distributed with the Clam AntiVirus package,
which you can use with your own software. The virus database is based on
the virus database from OpenAntiVirus, but contains additional signatures
(including signatures for popular polymorphic viruses, too) and is KEPT UP
TO DATE.
--------------------------------------------------------------------------------
Update Information:
- Drop clamd@scan.service file (bz#1725810)

ClamAV 0.101.5 is a security patch release that addresses the following issues.

- CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when
  scanning a specially crafted email file as a result of excessively long scan
  times. The issue is resolved by implementing several maximums in parsing MIME
  messages and by optimizing use of memory allocation.
- Added the zip scanning improvements found in v0.102.0 where it scans files
  using zip records from a sorted catalogue which provides deduplication of
  file records resulting in faster extraction and scan time and reducing the
  likelihood of alerting on non-malicious duplicate file entries as overlapping
  files.
- Signature load time is significantly reduced by changing to a more efficient
  algorithm for loading signature patterns and allocating the AC trie. Patch
  courtesy of Alberto Wu.
- Introduced a new configure option to statically link libjson-c with
  libclamav. Static linking with libjson is highly recommended to prevent
  crashes in applications that use libclamav alongside another JSON parsing
  library.
- Null-dereference fix in email parser when using the --gen-json metadata
  option.

----

Add TimeoutStartSec=420 to clamd@.service to match upstream
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 23 2019 Orion Poplawski - 0.101.5-1
- Update to 0.101.5 (CVE-2019-15961) (bz#1775550)
* Mon Nov 18 2019 Orion Poplawski - 0.101.4-3
- Drop clamd@scan.service file (bz#1725810)
- Change /var/run to /run
* Mon Nov 18 2019 Orion Poplawski - 0.101.4-2
- Add TimeoutStartSec=420 to clamd@.service to match upstream (bz#1764835)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1631525 - clamav: clamscan --gen-json does not output JSON
https://bugzilla.redhat.com/show_bug.cgi?id=1631525
[ 2 ] Bug #1775550 - Request to build clamav 0.101.5 for EPEL 7
https://bugzilla.redhat.com/show_bug.cgi?id=1775550
[ 3 ] Bug #1725810 - /usr/lib/systemd/system/clamd@scan.service:1: .include directives are deprecated
https://bugzilla.redhat.com/show_bug.cgi?id=1725810
[ 4 ] Bug #1764835 - clamd at 100% CPU and SystemD keeps restarting clamd
https://bugzilla.redhat.com/show_bug.cgi?id=1764835
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-1543eae191' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys