Browse code
Merge pull request #13 from cisco-sbg/CLAM-2638-0.103.12-news
| ... | ... |
@@ -42,9 +42,6 @@ properties( |
| 42 | 42 |
string(name: 'FUZZ_CORPUS_BRANCH', |
| 43 | 43 |
defaultValue: '0.103', |
| 44 | 44 |
description: 'private-fuzz-corpus branch'), |
| 45 |
- string(name: 'APPCHECK_PIPELINE', |
|
| 46 |
- defaultValue: 'appcheck-0.103', |
|
| 47 |
- description: 'test-pipelines branch for appcheck'), |
|
| 48 | 45 |
string(name: 'SHARED_LIB_BRANCH', |
| 49 | 46 |
defaultValue: '0.103', |
| 50 | 47 |
description: 'tests-jenkins-shared-libraries branch') |
| ... | ... |
@@ -199,23 +196,6 @@ node('docker') {
|
| 199 | 199 |
} |
| 200 | 200 |
} |
| 201 | 201 |
|
| 202 |
- tasks["appcheck"] = {
|
|
| 203 |
- stage("AppCheck") {
|
|
| 204 |
- final appcheckResult = build(job: "test-pipelines/${params.APPCHECK_PIPELINE}",
|
|
| 205 |
- propagate: true, |
|
| 206 |
- wait: true, |
|
| 207 |
- parameters: [ |
|
| 208 |
- [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"],
|
|
| 209 |
- [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"],
|
|
| 210 |
- [$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "test-pipelines/${params.BUILD_PIPELINE}"],
|
|
| 211 |
- [$class: 'StringParameterValue', name: 'BUILD_JOB_NUMBER', value: "${buildResult.number}"],
|
|
| 212 |
- [$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"]
|
|
| 213 |
- ] |
|
| 214 |
- ) |
|
| 215 |
- echo "test-pipelines/${params.APPCHECK_PIPELINE} #${appcheckResult.number} succeeded."
|
|
| 216 |
- } |
|
| 217 |
- } |
|
| 218 |
- |
|
| 219 | 202 |
parallel tasks |
| 220 | 203 |
} |
| 221 | 204 |
} |
| ... | ... |
@@ -7,6 +7,44 @@ Note: This file refers to the source tarball. Things described here may differ |
| 7 | 7 |
|
| 8 | 8 |
ClamAV 0.103.12 is a patch release with the following fixes: |
| 9 | 9 |
|
| 10 |
+- [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506): |
|
| 11 |
+ Changed the logging module to disable following symlinks on Linux and Unix |
|
| 12 |
+ systems so as to prevent an attacker with existing access to the 'clamd' or |
|
| 13 |
+ 'freshclam' services from using a symlink to corrupt system files. |
|
| 14 |
+ |
|
| 15 |
+ This issue affects all currently supported versions. It will be fixed in: |
|
| 16 |
+ - 1.4.1 |
|
| 17 |
+ - 1.3.2 |
|
| 18 |
+ - 1.0.7 |
|
| 19 |
+ - 0.103.12 |
|
| 20 |
+ |
|
| 21 |
+ Thank you to Detlef for identifying this issue. |
|
| 22 |
+ |
|
| 23 |
+- [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505): |
|
| 24 |
+ Fixed a possible out-of-bounds read bug in the PDF file parser that could |
|
| 25 |
+ cause a denial-of-service (DoS) condition. |
|
| 26 |
+ |
|
| 27 |
+ This issue affects all currently supported versions. It will be fixed in: |
|
| 28 |
+ - 1.4.1 |
|
| 29 |
+ - 1.3.2 |
|
| 30 |
+ - 1.0.7 |
|
| 31 |
+ - 0.103.12 |
|
| 32 |
+ |
|
| 33 |
+ Thank you to OSS-Fuzz for identifying this issue. |
|
| 34 |
+ |
|
| 35 |
+- ClamOnAcc: Fixed an infinite loop when a watched directory does not exist. |
|
| 36 |
+ - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1198) |
|
| 37 |
+ |
|
| 38 |
+- Fixed a bug causing CVDs downloaded by the `DatabaseCustomURL` Freshclam |
|
| 39 |
+ config option to be pruned and then re-downloaded with every update. |
|
| 40 |
+ Also added the new 'valhalla' database name to the list of optional databases |
|
| 41 |
+ in preparation for future work. |
|
| 42 |
+ - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1233) |
|
| 43 |
+ |
|
| 44 |
+- Fixed an unaligned pointer dereference issue on select architectures. |
|
| 45 |
+ Fix courtesy of Sebastian Andrzej Siewior. |
|
| 46 |
+ - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1293) |
|
| 47 |
+ |
|
| 10 | 48 |
## 0.103.11 |
| 11 | 49 |
|
| 12 | 50 |
ClamAV 0.103.11 is a patch release with the following fixes: |