MGASA-2021-0194

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0194.html

Import Source

https://advisories.mageia.org/MGASA-2021-0194.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2021-0194

Related

CVE-2021-1405

Published

2021-04-18T18:34:40Z

Modified

2021-09-22T20:02:52Z

Summary

Updated clamav packages fix security vulnerability

Details

The updated packages fix a security vulnerability:

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition (CVE-2021-1405).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / clamav

Package

Name: clamav
Purl: pkg:rpm/mageia/clamav?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.103.2-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / clamav

Package

Name: clamav
Purl: pkg:rpm/mageia/clamav?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.103.2-1.mga8

Ecosystem specific

{
    "section": "core"
}