1 |
type: security |
2 |
subject: Updated clamav packages fix security vulnerability |
3 |
CVE: |
4 |
- CVE-2021-1405 |
5 |
src: |
6 |
8: |
7 |
core: |
8 |
- clamav-0.103.2-1.mga8 |
9 |
7: |
10 |
core: |
11 |
- clamav-0.103.2-1.mga7 |
12 |
description: | |
13 |
The updated packages fix a security vulnerability: |
14 |
|
15 |
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) |
16 |
Software version 0.103.1 and all prior versions could allow an |
17 |
unauthenticated, remote attacker to cause a denial of service condition |
18 |
on an affected device. The vulnerability is due to improper variable |
19 |
initialization that may result in an NULL pointer read. An attacker could |
20 |
exploit this vulnerability by sending a crafted email to an affected |
21 |
device. An exploit could allow the attacker to cause the ClamAV scanning |
22 |
process crash, resulting in a denial of service condition (CVE-2021-1405). |
23 |
|
24 |
Advisory text to describe the update. |
25 |
Wrap lines at ~75 chars. |
26 |
references: |
27 |
- https://bugs.mageia.org/show_bug.cgi?id=28786 |
28 |
- https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html |
29 |
ID: MGASA-2021-0194 |