MGASA-2019-0328
- Source
- https://advisories.mageia.org/MGASA-2019-0328.html
- Import Source
- https://advisories.mageia.org/MGASA-2019-0328.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2019-0328
- Related
- Published
- 2019-11-19T21:16:53Z
- Modified
- 2019-11-19T20:47:47Z
- Summary
- Updated clamav packages fix security vulnerabilities
- Details
-
The updated packages fix security vulnerabilities:
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. (CVE-2019-12625)
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. (CVE-2019-12900)
- References
-
- https://advisories.mageia.org/MGASA-2019-0328.html
- https://bugs.mageia.org/show_bug.cgi?id=25231
- https://blog.clamav.net/2019/08/clamav-01013-security-patch-release-and.html
- https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html
- https://www.openwall.com/lists/oss-security/2019/08/06/3
- https://usn.ubuntu.com/4146-1/
- Credits
-
-
- Mageia - COORDINATOR
-