Mageia alert MGASA-2021-0194 (clamav) [LWN.net]

From:
               Mageia Updates <buildsystem-daemon@mageia.org>
To:
               updates-announce@ml.mageia.org
Subject:
               [updates-announce] MGASA-2021-0194: Updated clamav packages fix security vulnerability
Date:
               Sun, 18 Apr 2021 20:36:47 +0200
Message-ID:
               <20210418183647.A89F69FC7C@duvel.mageia.org>
Archive-link:
               Article
MGASA-2021-0194 - Updated clamav packages fix security vulnerability

Publication date: 18 Apr 2021
URL: https://advisories.mageia.org/MGASA-2021-0194.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-1405

Description:
The updated packages fix a security vulnerability:

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV)
Software version 0.103.1 and all prior versions could allow an
unauthenticated, remote attacker to cause a denial of service condition
on an affected device. The vulnerability is due to improper variable
initialization that may result in an NULL pointer read. An attacker could
exploit this vulnerability by sending a crafted email to an affected
device. An exploit could allow the attacker to cause the ClamAV scanning
process crash, resulting in a denial of service condition (CVE-2021-1405).

Advisory text to describe the update.
Wrap lines at ~75 chars.

References:
- https://bugs.mageia.org/show_bug.cgi?id=28786
- https://blog.clamav.net/2021/04/clamav-01032-security-pat...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1405

SRPMS:
- 8/core/clamav-0.103.2-1.mga8
- 7/core/clamav-0.103.2-1.mga7

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2021-0194: Updated clamav packages fix security vulnerability
Date:		Sun, 18 Apr 2021 20:36:47 +0200
Message-ID:		<20210418183647.A89F69FC7C@duvel.mageia.org>
Archive-link:		Article