[Buildroot] [PATCH 1/1] package/clamav: security bump to version 0.101.2
Peter Korsgaard
peter at korsgaard.com
Thu Mar 28 10:01:28 UTC 2019
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls at t-online.de> writes:
> Release notes:
> https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
> - Fixes for the following vulnerabilities affecting 0.101.1 and prior:
> - CVE-2019-1787:
> An out-of-bounds heap read condition may occur when scanning PDF
> documents. The defect is a failure to correctly keep track of the number
> of bytes remaining in a buffer when indexing file data.
> - CVE-2019-1789:
> An out-of-bounds heap read condition may occur when scanning PE files
> (i.e. Windows EXE and DLL files) that have been packed using Aspack as a
> result of inadequate bound-checking.
> - CVE-2019-1788:
> An out-of-bounds heap write condition may occur when scanning OLE2 files
> such as Microsoft Office 97-2003 documents. The invalid write happens when
> an invalid pointer is mistakenly used to initialize a 32bit integer to
> zero. This is likely to crash the application.
> - Fixes for the following vulnerabilities affecting 0.101.1 and 0.101.0 only:
> - CVE-2019-1786:
> An out-of-bounds heap read condition may occur when scanning malformed PDF
> documents as a result of improper bounds-checking.
> - CVE-2019-1785:
> A path-traversal write condition may occur as a result of improper input
> validation when scanning RAR archives. Issue reported by aCaB.
> - CVE-2019-1798:
> A use-after-free condition may occur as a result of improper error
> handling when scanning nested RAR archives. Issue reported by David L.
> Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
Committed to 2018.02.x, 2018.11.x and 2019.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list