Read this online at https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
-----------------
Today, we are releasing the following critical patch versions for ClamAV:
* 0.103.8
* 0.105.2
* 1.0.1
ClamAV 0.104 has reached end-of-life according to the ClamAV End of Life (EOL) policy<https://docs.clamav.net/faq/faq-eol.html> and will not be patched. Anyone using ClamAV 0.104 must switch to a supported version. All users should update as soon as possible to patch for two remote code execution vulnerabilities that we recently discovered and patched.
The release files are available for download on ClamAV.net<https://www.clamav.net/downloads>, on the Github Release page<https://github.com/Cisco-Talos/clamav/releases>, and through Docker Hub<https://hub.docker.com/r/clamav/clamav/>.
1.0.1
ClamAV 1.0.1 is a critical patch release with the following fixes:
* CVE-2023-20032<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032>: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
* CVE-2023-20052<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052>: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
* Fix an allmatch detection issue with the preclass bytecode hook.
* GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/825
* Update the vendored libmspack library to version 0.11alpha.
* GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/828
0.105.2
ClamAV 0.105.2 is a critical patch release with the following fixes:
* CVE-2023-20032<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032>: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
* CVE-2023-20052<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052>: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
* Fixed an issue loading Yara rules containing regex strings with an escaped forward-slash (\/) followed by a colon (:).
* GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/695
* Moved the ClamAV Docker files for building containers to a new Git repository. The Docker files are now in https://github.com/Cisco-Talos/clamav-docker. This change enables us to fix issues with the images and with the supporting scripts used to publish and update the images without committing changes directly to files in the ClamAV release branches.
* GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/765
* Update the vendored libmspack library to version 0.11alpha.
* GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/829
0.103.8
ClamAV 0.103.8 is a critical patch release with the following fixes:
* CVE-2023-20032<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032>: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
* CVE-2023-20052<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052>: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
* Update the vendored libmspack library to version 0.11alpha.
* GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/830
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
-----------------
Today, we are releasing the following critical patch versions for ClamAV:
* 0.103.8
* 0.105.2
* 1.0.1
ClamAV 0.104 has reached end-of-life according to the ClamAV End of Life (EOL) policy<https://docs.clamav.net/faq/faq-eol.html> and will not be patched. Anyone using ClamAV 0.104 must switch to a supported version. All users should update as soon as possible to patch for two remote code execution vulnerabilities that we recently discovered and patched.
The release files are available for download on ClamAV.net<https://www.clamav.net/downloads>, on the Github Release page<https://github.com/Cisco-Talos/clamav/releases>, and through Docker Hub<https://hub.docker.com/r/clamav/clamav/>.
1.0.1
ClamAV 1.0.1 is a critical patch release with the following fixes:
* CVE-2023-20032<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032>: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
* CVE-2023-20052<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052>: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
* Fix an allmatch detection issue with the preclass bytecode hook.
* GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/825
* Update the vendored libmspack library to version 0.11alpha.
* GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/828
0.105.2
ClamAV 0.105.2 is a critical patch release with the following fixes:
* CVE-2023-20032<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032>: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
* CVE-2023-20052<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052>: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
* Fixed an issue loading Yara rules containing regex strings with an escaped forward-slash (\/) followed by a colon (:).
* GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/695
* Moved the ClamAV Docker files for building containers to a new Git repository. The Docker files are now in https://github.com/Cisco-Talos/clamav-docker. This change enables us to fix issues with the images and with the supporting scripts used to publish and update the images without committing changes directly to files in the ClamAV release branches.
* GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/765
* Update the vendored libmspack library to version 0.11alpha.
* GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/829
0.103.8
ClamAV 0.103.8 is a critical patch release with the following fixes:
* CVE-2023-20032<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032>: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
* CVE-2023-20052<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052>: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
* Update the vendored libmspack library to version 0.11alpha.
* GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/830
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
