MGASA-2020-0105

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0105.html

Import Source

https://advisories.mageia.org/MGASA-2020-0105.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0105

Related

CVE-2020-3123

Published

2020-02-26T10:21:01Z

Modified

2020-02-26T10:00:55Z

Summary

Updated clamav packages fix security vulnerability

Details

The updated packages fix a security vulnerability:

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. (CVE-2020-3123)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2020-0105

Affected packages