... | ... |
@@ -3,6 +3,77 @@ |
3 | 3 |
Note: This file refers to the source tarball. Things described here may differ |
4 | 4 |
slightly from the binary packages. |
5 | 5 |
|
6 |
+## 0.101.2 |
|
7 |
+ |
|
8 |
+ClamAV 0.101.2 is a patch release to address a handful of security related bugs. |
|
9 |
+ |
|
10 |
+This patch release is being released alongside the 0.100.3 patch so that users |
|
11 |
+who are unable to upgrade to 0.101 due to libclamav API changes are protected. |
|
12 |
+ |
|
13 |
+This release includes 3 extra security related bug fixes that do not apply to |
|
14 |
+prior versions. In addition, it includes a number of minor bug fixes and |
|
15 |
+improvements. |
|
16 |
+ |
|
17 |
+- Fixes for the following vulnerabilities affecting 0.101.1 and prior: |
|
18 |
+ - [CVE-2019-1787](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1787): |
|
19 |
+ An out-of-bounds heap read condition may occur when scanning PDF |
|
20 |
+ documents. The defect is a failure to correctly keep track of the number |
|
21 |
+ of bytes remaining in a buffer when indexing file data. |
|
22 |
+ - [CVE-2019-1789](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1789): |
|
23 |
+ An out-of-bounds heap read condition may occur when scanning PE files |
|
24 |
+ (i.e. Windows EXE and DLL files) that have been packed using Aspack as a |
|
25 |
+ result of inadequate bound-checking. |
|
26 |
+ - [CVE-2019-1788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1788): |
|
27 |
+ An out-of-bounds heap write condition may occur when scanning OLE2 files |
|
28 |
+ such as Microsoft Office 97-2003 documents. The invalid write happens when |
|
29 |
+ an invalid pointer is mistakenly used to initialize a 32bit integer to |
|
30 |
+ zero. This is likely to crash the application. |
|
31 |
+ |
|
32 |
+- Fixes for the following vulnerabilities affecting 0.101.1 and 0.101.0 only: |
|
33 |
+ - [CVE-2019-1786](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1786): |
|
34 |
+ An out-of-bounds heap read condition may occur when scanning malformed PDF |
|
35 |
+ documents as a result of improper bounds-checking. |
|
36 |
+ - [CVE-2019-1785](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1785): |
|
37 |
+ A path-traversal write condition may occur as a result of improper input |
|
38 |
+ validation when scanning RAR archives. Issue reported by aCaB. |
|
39 |
+ - [CVE-2019-1798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1798): |
|
40 |
+ A use-after-free condition may occur as a result of improper error |
|
41 |
+ handling when scanning nested RAR archives. Issue reported by David L. |
|
42 |
+ |
|
43 |
+- Fixes for the following assorted bugs: |
|
44 |
+ - Added checks to prevent shifts from causing undefined behavior in HTML |
|
45 |
+ normalizer, UPX unpacker, ARJ extractor, CPIO extractor, OLE2 parser, |
|
46 |
+ LZW decompressor used in the PDF parser, Xz decompressor, and UTF-16 to |
|
47 |
+ ASCII transcoder. |
|
48 |
+ - Added checks to prevent integer overflow in UPX unpacker. |
|
49 |
+ - Fix for minor memory leak in OLE2 parser. |
|
50 |
+ - Fix to speed up PDF parser when handling truncated (or malformed) PDFs. |
|
51 |
+ - Fix for memory leak in ARJ decoder failure condition. |
|
52 |
+ - Fix for potential memory and file descriptor leak in HTML normalization code. |
|
53 |
+ |
|
54 |
+- Removed use of problematic feature that converted file descriptors to |
|
55 |
+ file paths. The feature was intended to improve performance when scanning |
|
56 |
+ file types, notably RAR archives, for which the API requires a file path. |
|
57 |
+ This feature caused issues in environments where the ClamAV engine is run |
|
58 |
+ in a low-permissions or sandboxed process. RAR archives are still supported |
|
59 |
+ with this change, but performance may suffer slightly if the file path is not |
|
60 |
+ provided in calls to `cl_scandesc_callback()`. |
|
61 |
+ - Added filename and tempfile names to scandesc calls in clamd. |
|
62 |
+ - Added general scan option `CL_SCAN_GENERAL_UNPRIVILEGED` to treat the scan |
|
63 |
+ engine as unprivileged, meaning that the scan engine will not have read |
|
64 |
+ access to the file. Provided file paths are for logging purposes only. |
|
65 |
+ - Added ability to create a temp file when scanning RAR archives when the |
|
66 |
+ process does not have read access to the file path provided (i.e. |
|
67 |
+ unprivileged is set, or an access check fails). |
|
68 |
+ |
|
69 |
+Thank you to the Google OSS-Fuzz project for identifying and reporting many of |
|
70 |
+the bugs patched in this release. |
|
71 |
+ |
|
72 |
+Additional thanks to the following community members for submitting bug reports: |
|
73 |
+ |
|
74 |
+- aCaB |
|
75 |
+- David L. |
|
76 |
+ |
|
6 | 77 |
## 0.101.1 |
7 | 78 |
|
8 | 79 |
ClamAV 0.101.1 is an urgent patch release to address an issue in 0.101.0 |
... | ... |
@@ -99,18 +170,18 @@ we've cooked up over the past 6 months. |
99 | 99 |
| | `AlertEncryptedArchive` | |
100 | 100 |
| | `AlertEncryptedDoc` | |
101 | 101 |
|
102 |
- | Old `clamscan` option | *New* `clamscan` option | |
|
103 |
- | ---------------------------- | -------------------------------- | |
|
104 |
- | `--algorithmic-detection` | `--heuristic-alerts` | |
|
105 |
- | `--detect-broken` | `--alert-broken` | |
|
106 |
- | `--phishing-cloak` | `--alert-phishing-cloak` | |
|
107 |
- | `--phishing-ssl` | `--alert-phishing-ssl` | |
|
108 |
- | `--partition-intersection` | `--alert-partition-intersection` | |
|
109 |
- | `--block-max` | `--alert-exceeds-max` | |
|
110 |
- | `--block-macros` | `--alert-macros` | |
|
111 |
- | `--block-encrypted` | `--alert-encrypted` | |
|
112 |
- | | `--alert-encrypted-archive` | |
|
113 |
- | | `--alert-encrypted-doc` | |
|
102 |
+ | Old `clamscan` option | *New* `clamscan` option | |
|
103 |
+ | -------------------------- | -------------------------------- | |
|
104 |
+ | `--algorithmic-detection` | `--heuristic-alerts` | |
|
105 |
+ | `--detect-broken` | `--alert-broken` | |
|
106 |
+ | `--phishing-cloak` | `--alert-phishing-cloak` | |
|
107 |
+ | `--phishing-ssl` | `--alert-phishing-ssl` | |
|
108 |
+ | `--partition-intersection` | `--alert-partition-intersection` | |
|
109 |
+ | `--block-max` | `--alert-exceeds-max` | |
|
110 |
+ | `--block-macros` | `--alert-macros` | |
|
111 |
+ | `--block-encrypted` | `--alert-encrypted` | |
|
112 |
+ | | `--alert-encrypted-archive` | |
|
113 |
+ | | `--alert-encrypted-doc` | |
|
114 | 114 |
|
115 | 115 |
### Some more subtle improvements |
116 | 116 |
|
... | ... |
@@ -1,6 +1,6 @@ |
1 | 1 |
#! /bin/sh |
2 | 2 |
# Guess values for system-dependent variables and create Makefiles. |
3 |
-# Generated by GNU Autoconf 2.69 for ClamAV 0.101.1. |
|
3 |
+# Generated by GNU Autoconf 2.69 for ClamAV 0.101.2. |
|
4 | 4 |
# |
5 | 5 |
# Report bugs to <https://bugzilla.clamav.net/>. |
6 | 6 |
# |
... | ... |
@@ -592,8 +592,8 @@ MAKEFLAGS= |
592 | 592 |
# Identity of this package. |
593 | 593 |
PACKAGE_NAME='ClamAV' |
594 | 594 |
PACKAGE_TARNAME='clamav' |
595 |
-PACKAGE_VERSION='0.101.1' |
|
596 |
-PACKAGE_STRING='ClamAV 0.101.1' |
|
595 |
+PACKAGE_VERSION='0.101.2' |
|
596 |
+PACKAGE_STRING='ClamAV 0.101.2' |
|
597 | 597 |
PACKAGE_BUGREPORT='https://bugzilla.clamav.net/' |
598 | 598 |
PACKAGE_URL='https://www.clamav.net/' |
599 | 599 |
|
... | ... |
@@ -1558,7 +1558,7 @@ if test "$ac_init_help" = "long"; then |
1558 | 1558 |
# Omit some internal or obsolete options to make the list less imposing. |
1559 | 1559 |
# This message is too long to be a string in the A/UX 3.1 sh. |
1560 | 1560 |
cat <<_ACEOF |
1561 |
-\`configure' configures ClamAV 0.101.1 to adapt to many kinds of systems. |
|
1561 |
+\`configure' configures ClamAV 0.101.2 to adapt to many kinds of systems. |
|
1562 | 1562 |
|
1563 | 1563 |
Usage: $0 [OPTION]... [VAR=VALUE]... |
1564 | 1564 |
|
... | ... |
@@ -1629,7 +1629,7 @@ fi |
1629 | 1629 |
|
1630 | 1630 |
if test -n "$ac_init_help"; then |
1631 | 1631 |
case $ac_init_help in |
1632 |
- short | recursive ) echo "Configuration of ClamAV 0.101.1:";; |
|
1632 |
+ short | recursive ) echo "Configuration of ClamAV 0.101.2:";; |
|
1633 | 1633 |
esac |
1634 | 1634 |
cat <<\_ACEOF |
1635 | 1635 |
|
... | ... |
@@ -1854,7 +1854,7 @@ fi |
1854 | 1854 |
test -n "$ac_init_help" && exit $ac_status |
1855 | 1855 |
if $ac_init_version; then |
1856 | 1856 |
cat <<\_ACEOF |
1857 |
-ClamAV configure 0.101.1 |
|
1857 |
+ClamAV configure 0.101.2 |
|
1858 | 1858 |
generated by GNU Autoconf 2.69 |
1859 | 1859 |
|
1860 | 1860 |
Copyright (C) 2012 Free Software Foundation, Inc. |
... | ... |
@@ -2444,7 +2444,7 @@ cat >config.log <<_ACEOF |
2444 | 2444 |
This file contains any messages produced by compilers while |
2445 | 2445 |
running configure, to aid debugging if configure makes a mistake. |
2446 | 2446 |
|
2447 |
-It was created by ClamAV $as_me 0.101.1, which was |
|
2447 |
+It was created by ClamAV $as_me 0.101.2, which was |
|
2448 | 2448 |
generated by GNU Autoconf 2.69. Invocation command line was |
2449 | 2449 |
|
2450 | 2450 |
$ $0 $@ |
... | ... |
@@ -4201,7 +4201,7 @@ fi |
4201 | 4201 |
|
4202 | 4202 |
# Define the identity of the package. |
4203 | 4203 |
PACKAGE='clamav' |
4204 |
- VERSION='0.101.1' |
|
4204 |
+ VERSION='0.101.2' |
|
4205 | 4205 |
|
4206 | 4206 |
|
4207 | 4207 |
# Some tools Automake needs. |
... | ... |
@@ -5929,10 +5929,10 @@ $as_echo "$ac_cv_safe_to_define___extensions__" >&6; } |
5929 | 5929 |
|
5930 | 5930 |
|
5931 | 5931 |
|
5932 |
-VERSION="0.101.1" |
|
5932 |
+VERSION="0.101.2" |
|
5933 | 5933 |
|
5934 | 5934 |
LC_CURRENT=9 |
5935 |
-LC_REVISION=1 |
|
5935 |
+LC_REVISION=2 |
|
5936 | 5936 |
LC_AGE=0 |
5937 | 5937 |
LIBCLAMAV_VERSION="$LC_CURRENT":"$LC_REVISION":"$LC_AGE" |
5938 | 5938 |
|
... | ... |
@@ -29986,7 +29986,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 |
29986 | 29986 |
# report actual input values of CONFIG_FILES etc. instead of their |
29987 | 29987 |
# values after options handling. |
29988 | 29988 |
ac_log=" |
29989 |
-This file was extended by ClamAV $as_me 0.101.1, which was |
|
29989 |
+This file was extended by ClamAV $as_me 0.101.2, which was |
|
29990 | 29990 |
generated by GNU Autoconf 2.69. Invocation command line was |
29991 | 29991 |
|
29992 | 29992 |
CONFIG_FILES = $CONFIG_FILES |
... | ... |
@@ -30053,7 +30053,7 @@ _ACEOF |
30053 | 30053 |
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
30054 | 30054 |
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
30055 | 30055 |
ac_cs_version="\\ |
30056 |
-ClamAV config.status 0.101.1 |
|
30056 |
+ClamAV config.status 0.101.2 |
|
30057 | 30057 |
configured by $0, generated by GNU Autoconf 2.69, |
30058 | 30058 |
with options \\"\$ac_cs_config\\" |
30059 | 30059 |
|
... | ... |
@@ -32875,7 +32875,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 |
32875 | 32875 |
# report actual input values of CONFIG_FILES etc. instead of their |
32876 | 32876 |
# values after options handling. |
32877 | 32877 |
ac_log=" |
32878 |
-This file was extended by ClamAV $as_me 0.101.1, which was |
|
32878 |
+This file was extended by ClamAV $as_me 0.101.2, which was |
|
32879 | 32879 |
generated by GNU Autoconf 2.69. Invocation command line was |
32880 | 32880 |
|
32881 | 32881 |
CONFIG_FILES = $CONFIG_FILES |
... | ... |
@@ -32942,7 +32942,7 @@ _ACEOF |
32942 | 32942 |
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
32943 | 32943 |
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
32944 | 32944 |
ac_cs_version="\\ |
32945 |
-ClamAV config.status 0.101.1 |
|
32945 |
+ClamAV config.status 0.101.2 |
|
32946 | 32946 |
configured by $0, generated by GNU Autoconf 2.69, |
32947 | 32947 |
with options \\"\$ac_cs_config\\" |
32948 | 32948 |
|
... | ... |
@@ -22,7 +22,7 @@ dnl MA 02110-1301, USA. |
22 | 22 |
AC_PREREQ([2.59]) |
23 | 23 |
dnl For a release change [devel] to the real version [0.xy] |
24 | 24 |
dnl also change VERSION below |
25 |
-AC_INIT([ClamAV], [0.101.1], [https://bugzilla.clamav.net/], [clamav], [https://www.clamav.net/]) |
|
25 |
+AC_INIT([ClamAV], [0.101.2], [https://bugzilla.clamav.net/], [clamav], [https://www.clamav.net/]) |
|
26 | 26 |
|
27 | 27 |
dnl enable C++ |
28 | 28 |
AC_PROG_CXX() |
... | ... |
@@ -6,9 +6,9 @@ If you wish to build ClamAV from source using Visual Studio 2015, please head ov |
6 | 6 |
|
7 | 7 |
Important: Installing ClamAV using the Installer will require Administrator privileges. |
8 | 8 |
|
9 |
-1. Download: http://www.clamav.net/downloads/production/ClamAV-0.101.1.exe |
|
9 |
+1. Download: http://www.clamav.net/downloads/production/ClamAV-0.101.2.exe |
|
10 | 10 |
2. Locate the file in your Downloads directory. |
11 |
-3. Right-click on `ClamAV-0.101.1.exe` and select `Run as administrator`. You may receive a warning message along the lines of "Windows protected your PC". Select `More info` and then select `Run anyway`. |
|
11 |
+3. Right-click on `ClamAV-0.101.2.exe` and select `Run as administrator`. You may receive a warning message along the lines of "Windows protected your PC". Select `More info` and then select `Run anyway`. |
|
12 | 12 |
4. Select `I accept the agreement` and click `Next`. |
13 | 13 |
5. Click `Next` again. If you've removed a previous installation of ClamAV, you may receive the prompt "The folder ... already exists...". If you do, select `Yes`. |
14 | 14 |
6. Click `Install`. |
... | ... |
@@ -28,9 +28,9 @@ Continue on to "First Time Set-Up" below... |
28 | 28 |
|
29 | 29 |
## Install using the ClamAV Portable Install Package |
30 | 30 |
|
31 |
-1. Download: https://www.clamav.net/downloads/production/clamav-0.101.1-win-x64-portable.zip |
|
31 |
+1. Download: https://www.clamav.net/downloads/production/clamav-0.101.2-win-x64-portable.zip |
|
32 | 32 |
2. Unzip it. |
33 |
-3. Open the `clamav-0.101.1-win-x64-portable` directory. |
|
33 |
+3. Open the `clamav-0.101.2-win-x64-portable` directory. |
|
34 | 34 |
4. Hold down Shift and then right-click on the background in the current directory (but not on one of the files). Select `"Open PowerShell window here"`. If that option doesn't appear, try again. |
35 | 35 |
|
36 | 36 |
Continue on to "First Time Set-Up"... |
... | ... |
@@ -114,9 +114,11 @@ enum FunctionalityLevels { |
114 | 114 |
FUNC_LEVEL_0100_0 = 91, /* LibClamAV release 0.100.0, 0.100.0-rc */ |
115 | 115 |
FUNC_LEVEL_0100_1 = 92, /**< LibClamAV release 0.100.1 */ |
116 | 116 |
FUNC_LEVEL_0100_2 = 93, /**< LibClamAV release 0.100.2 */ |
117 |
+ FUNC_LEVEL_0100_3 = 94, /**< LibClamAV release 0.100.3 */ |
|
117 | 118 |
FUNC_LEVEL_0101_0_BETA = 100, /* LibClamAV beta release 0.101.0-beta */ |
118 | 119 |
FUNC_LEVEL_0101_0 = 101, /* LibClamAV release 0.101.0, 0.101.0-rc */ |
119 | 120 |
FUNC_LEVEL_0101_1 = 102, /* LibClamAV release 0.101.1 */ |
121 |
+ FUNC_LEVEL_0101_2 = 103, /* LibClamAV release 0.101.3 */ |
|
120 | 122 |
FUNC_LEVEL_100 = 255 /* future release candidate */ |
121 | 123 |
}; |
122 | 124 |
|
... | ... |
@@ -1,9 +1,9 @@ |
1 | 1 |
dnl change this on a release |
2 | 2 |
dnl VERSION="devel-`date +%Y%m%d`" |
3 |
-VERSION="0.101.1" |
|
3 |
+VERSION="0.101.2" |
|
4 | 4 |
|
5 | 5 |
LC_CURRENT=9 |
6 |
-LC_REVISION=1 |
|
6 |
+LC_REVISION=2 |
|
7 | 7 |
LC_AGE=0 |
8 | 8 |
LIBCLAMAV_VERSION="$LC_CURRENT":"$LC_REVISION":"$LC_AGE" |
9 | 9 |
AC_SUBST([LIBCLAMAV_VERSION]) |
... | ... |
@@ -8,7 +8,7 @@ |
8 | 8 |
|
9 | 9 |
[Setup] |
10 | 10 |
AppName=ClamAV |
11 |
-AppVersion=0.101.1 |
|
11 |
+AppVersion=0.101.2 |
|
12 | 12 |
DefaultDirName={pf}\ClamAV |
13 | 13 |
DefaultGroupName=ClamAV |
14 | 14 |
AppCopyright=2019 Cisco Systems, Inc. |
... | ... |
@@ -20,7 +20,7 @@ UninstallDisplayName=ClamAV |
20 | 20 |
Compression=lzma2 |
21 | 21 |
SolidCompression=yes |
22 | 22 |
OutputDir=. |
23 |
-OutputBaseFilename=ClamAV-0.101.1 |
|
23 |
+OutputBaseFilename=ClamAV-0.101.2 |
|
24 | 24 |
WizardImageFile=demon.bmp |
25 | 25 |
WizardSmallImageFile=talos.bmp |
26 | 26 |
|
... | ... |
@@ -475,7 +475,7 @@ |
475 | 475 |
#define PACKAGE_NAME "ClamAV" |
476 | 476 |
|
477 | 477 |
/* Define to the full name and version of this package. */ |
478 |
-#define PACKAGE_STRING "ClamAV 0.101.1" |
|
478 |
+#define PACKAGE_STRING "ClamAV 0.101.2" |
|
479 | 479 |
|
480 | 480 |
/* Define to the one symbol short name of this package. */ |
481 | 481 |
#define PACKAGE_TARNAME "clamav" |
... | ... |
@@ -484,7 +484,7 @@ |
484 | 484 |
#define PACKAGE_URL "https://www.clamav.net/" |
485 | 485 |
|
486 | 486 |
/* Define to the version of this package. */ |
487 |
-#define PACKAGE_VERSION "0.101.1" |
|
487 |
+#define PACKAGE_VERSION "0.101.2" |
|
488 | 488 |
|
489 | 489 |
/* scan buffer size */ |
490 | 490 |
#define SCANBUFF 131072 |
... | ... |
@@ -520,7 +520,7 @@ |
520 | 520 |
/* #undef USE_SYSLOG */ |
521 | 521 |
|
522 | 522 |
/* Version number of package */ |
523 |
-#define VERSION "0.101.1" |
|
523 |
+#define VERSION "0.101.2" |
|
524 | 524 |
|
525 | 525 |
/* Version suffix for package */ |
526 | 526 |
#define VERSION_SUFFIX "" |