Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 940140 (CVE-2024-20505, CVE-2024-20506) - app-antivirus/clamav: multiple vulnerabilities
Summary: app-antivirus/clamav: multiple vulnerabilities
Status: CONFIRMED
Alias: CVE-2024-20505, CVE-2024-20506
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Antivirus Team
URL: https://blog.clamav.net/2024/09/clama...
Whiteboard:
Keywords:
Depends on: 940141 940142
Blocks:
  Show dependency tree
 
Reported: 2024-09-23 10:46 UTC by Matt Jolly
Modified: 2024-09-23 11:12 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matt Jolly gentoo-dev 2024-09-23 10:46:22 UTC
CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files.

    This issue affects all currently supported versions. It will be fixed in:
        1.4.1
        1.3.2
        1.0.7
        0.103.12

    Thank you to Detlef for identifying this issue.

CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.

    This issue affects all currently supported versions. It will be fixed in:
        1.4.1
        1.3.2
        1.0.7
        0.103.12

    Thank you to OSS-Fuzz for identifying this issue.
Comment 1 Larry the Git Cow gentoo-dev 2024-09-23 11:12:05 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=71557910e46822fea0d51122c20f6d3a1bd9ac2a

commit 71557910e46822fea0d51122c20f6d3a1bd9ac2a
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-09-23 10:52:06 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-09-23 11:11:56 +0000

    app-antivirus/clamav: drop vulnerable
    
    These versions of clamav have been superseded and
    are vulnerable to CVE-2024-20505 and CVE-2024-20506.
    
    Bug: https://bugs.gentoo.org/940140
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 app-antivirus/clamav/Manifest               |  50 +---
 app-antivirus/clamav/clamav-1.0.6.ebuild    | 400 ---------------------------
 app-antivirus/clamav/clamav-1.2.3.ebuild    | 394 --------------------------
 app-antivirus/clamav/clamav-1.3.1-r2.ebuild | 408 ---------------------------
 app-antivirus/clamav/clamav-1.3.1.ebuild    | 397 --------------------------
 app-antivirus/clamav/clamav-1.4.0.ebuild    | 414 ----------------------------
 6 files changed, 1 insertion(+), 2062 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6091414aa294862a44a98047c7a0f738b845d4cd

commit 6091414aa294862a44a98047c7a0f738b845d4cd
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-09-23 11:09:13 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-09-23 11:11:56 +0000

    app-antivirus/clamav: add 1.0.7
    
    Bug: https://bugs.gentoo.org/940140
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 app-antivirus/clamav/clamav-1.0.7.ebuild           | 404 +++++++++++++++++++++
 .../files/clamav-1.0.7-cmake-python-version.patch  |  51 +++
 2 files changed, 455 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f29d4c4ad7418acd552a813068c4e1428d1462e

commit 9f29d4c4ad7418acd552a813068c4e1428d1462e
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-09-23 10:46:38 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-09-23 11:11:55 +0000

    app-antivirus/clamav: add 1.4.1
    
    Bug: https://bugs.gentoo.org/940140
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 app-antivirus/clamav/Manifest            |   1 +
 app-antivirus/clamav/clamav-1.4.1.ebuild | 413 +++++++++++++++++++++++++++++++
 2 files changed, 414 insertions(+)