clamav version bellow 0.99.3 is subject to
And probably some more that do not have CVE yet.
Additional reason to version bump is fact, that since new clamav release, content of daily.cvd cause clamav 0.99.2 to crash
Steps to Reproduce:
2. reload clamd database
3. see clam log file
LibClamAV Error: cli_scanscript: could not map file /tmp/clamav-4f44363190ef9da19b58fe176ee5e22d.tmp
LibClamAV Error: cli_scanscript: could not map file /tmp/clamav-92bc8f14fbf93f57e5ac90379c0c3ae3.tmp
clean log file
To fix clamd errors, which prevent clamd working you can delete daily.cvd and stop freshclam.
Im not sure whenever clamav 0.99.3 will fix this, however there are other reasons to version bump and it could also fix problem with daily.cvd.
@ tomas: Please do not add version information to summary when you report vulnerabilities. Thank you.
*** Bug 645806 has been marked as a duplicate of this bug. ***
0.99.3 is not in the Gentoo repository yet. Please do not put the version in the summary until an unaffected ebuild is committed.
The bug has been referenced in the following commit(s):
Author: Thomas Deutschmann <email@example.com>
AuthorDate: 2018-01-26 14:46:05 +0000
Commit: Thomas Deutschmann <firstname.lastname@example.org>
CommitDate: 2018-01-26 14:52:33 +0000
app-antivirus/clamav: bump, fixes multiple vulnerabilites
Package-Manager: Portage-2.3.20, Repoman-2.3.6
app-antivirus/clamav/Manifest | 1 +
app-antivirus/clamav/clamav-0.99.3.ebuild | 158 ++++++++++++++++++++++++++++++
2 files changed, 159 insertions(+)}
please test and mark stable:
I'll push -r1 to fix a fd leak problem in cli scanner.
New GLSA request filed.
This issue was resolved and addressed in
GLSA 201801-19 at https://security.gentoo.org/glsa/201801-19
by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for remaining architectures.
Thanks for adding 0.99.3 - I just got home a bit earlier and was going to have a go at it, but looks like you saved me some work ;)
I have tested 0.99.3-r1 and problem with hang on daily.cvd signatures is gone. Its working well.
Superseded by bug 649314.
Stable on alpha.
Cleanup will happen with GLSA release.