Read this online at: https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html
Today, we are publishing the 1.3.1, 1.2.3, and 1.0.6 security patch versions.
The release files for the patch versions are available for download on the ClamAV downloads page<https://www.clamav.net/downloads>, on the GitHub Release page<https://github.com/Cisco-Talos/clamav/releases>, and through Docker Hub<https://hub.docker.com/r/clamav/clamav/>.
The images on Docker Hub may not be immediately available on release day.
Continue reading to learn what changed in each version.
1.3.1
ClamAV 1.3.1 is a critical patch release with the following fixes:
* CVE-2024-20380<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20380>: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition.
This issue affects version 1.3.0 only and does not affect prior versions.
Thank you to B?a?ej Paw?owski for identifying this issue.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1242>
* Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1227>
* Fixed a bug causing some text to be truncated when converting from UTF-16.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1230>
* Fixed assorted complaints identified by Coverity static analysis.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1235>
* Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1238>
* Added the new 'valhalla' database name to the list of optional databases in preparation for future work.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1238>
* Added symbols to the libclamav.map file to enable additional build configurations.
Patch courtesy of Neil Wilson.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1244>
1.2.3
ClamAV 1.2.3 is a critical patch release with the following fixes:
* Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1226>
* Fixed a bug causing some text to be truncated when converting from UTF-16.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1231>
* Fixed assorted complaints identified by Coverity static analysis.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1236>
* Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1239>
* Added the new 'valhalla' database name to the list of optional databases in preparation for future work.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1239>
* Silenced a warning "Unexpected early end-of-file" that occured when scanning some PNG files.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1215>
1.0.6
ClamAV 1.0.6 is a critical patch release with the following fixes:
* Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1225>
* Fixed a bug causing some text to be truncated when converting from UTF-16.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1232>
* Fixed assorted complaints identified by Coverity static analysis.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1237>
* Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1240>
* Added the new 'valhalla' database name to the list of optional databases in preparation for future work.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1240>
* Silenced a warning "Unexpected early end-of-file" that occured when scanning some PNG files.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1216>
Micah Snyder (they/them)
ClamAV Development
Talos
Cisco Systems, Inc.
_______________________________________________
clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel
Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
Today, we are publishing the 1.3.1, 1.2.3, and 1.0.6 security patch versions.
The release files for the patch versions are available for download on the ClamAV downloads page<https://www.clamav.net/downloads>, on the GitHub Release page<https://github.com/Cisco-Talos/clamav/releases>, and through Docker Hub<https://hub.docker.com/r/clamav/clamav/>.
The images on Docker Hub may not be immediately available on release day.
Continue reading to learn what changed in each version.
1.3.1
ClamAV 1.3.1 is a critical patch release with the following fixes:
* CVE-2024-20380<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20380>: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition.
This issue affects version 1.3.0 only and does not affect prior versions.
Thank you to B?a?ej Paw?owski for identifying this issue.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1242>
* Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1227>
* Fixed a bug causing some text to be truncated when converting from UTF-16.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1230>
* Fixed assorted complaints identified by Coverity static analysis.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1235>
* Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1238>
* Added the new 'valhalla' database name to the list of optional databases in preparation for future work.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1238>
* Added symbols to the libclamav.map file to enable additional build configurations.
Patch courtesy of Neil Wilson.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1244>
1.2.3
ClamAV 1.2.3 is a critical patch release with the following fixes:
* Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1226>
* Fixed a bug causing some text to be truncated when converting from UTF-16.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1231>
* Fixed assorted complaints identified by Coverity static analysis.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1236>
* Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1239>
* Added the new 'valhalla' database name to the list of optional databases in preparation for future work.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1239>
* Silenced a warning "Unexpected early end-of-file" that occured when scanning some PNG files.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1215>
1.0.6
ClamAV 1.0.6 is a critical patch release with the following fixes:
* Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1225>
* Fixed a bug causing some text to be truncated when converting from UTF-16.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1232>
* Fixed assorted complaints identified by Coverity static analysis.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1237>
* Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1240>
* Added the new 'valhalla' database name to the list of optional databases in preparation for future work.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1240>
* Silenced a warning "Unexpected early end-of-file" that occured when scanning some PNG files.
* GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1216>
Micah Snyder (they/them)
ClamAV Development
Talos
Cisco Systems, Inc.
_______________________________________________
clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel
Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml