| 1 |
type: security |
| 2 |
subject: Updated clamav packages fix security vulnerability |
| 3 |
CVE: |
| 4 |
- CVE-2021-1405 |
| 5 |
src: |
| 6 |
8: |
| 7 |
core: |
| 8 |
- clamav-0.103.2-1.mga8 |
| 9 |
7: |
| 10 |
core: |
| 11 |
- clamav-0.103.2-1.mga7 |
| 12 |
description: | |
| 13 |
The updated packages fix a security vulnerability: |
| 14 |
|
| 15 |
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) |
| 16 |
Software version 0.103.1 and all prior versions could allow an |
| 17 |
unauthenticated, remote attacker to cause a denial of service condition |
| 18 |
on an affected device. The vulnerability is due to improper variable |
| 19 |
initialization that may result in an NULL pointer read. An attacker could |
| 20 |
exploit this vulnerability by sending a crafted email to an affected |
| 21 |
device. An exploit could allow the attacker to cause the ClamAV scanning |
| 22 |
process crash, resulting in a denial of service condition (CVE-2021-1405). |
| 23 |
|
| 24 |
Advisory text to describe the update. |
| 25 |
Wrap lines at ~75 chars. |
| 26 |
references: |
| 27 |
- https://bugs.mageia.org/show_bug.cgi?id=28786 |
| 28 |
- https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html |
| 29 |
ID: MGASA-2021-0194 |
Parent Directory
| 
Revision Log