pkgsrc/security/clamav
taca b54e9cd017 security/clamav: update to 0.102.4
Update clamav to 0.102.4.


## 0.102.4

ClamAV 0.102.4 is a bug patch release to address the following issues.

- [CVE-2020-3350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3350):
  Fix a vulnerability wherein a malicious user could replace a scan target's
  directory with a symlink to another path to trick clamscan, clamdscan, or
  clamonacc into removing or moving a different file (eg. a critical system
  file). The issue would affect users that use the --move or --remove options
  for clamscan, clamdscan, and clamonacc.

  For more information about AV quarantine attacks using links, see the
  [RACK911 Lab's report](https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software).

- [CVE-2020-3327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327):
  Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that
  could cause a Denial-of-Service (DoS) condition. Improper bounds checking
  results in an out-of-bounds read which could cause a crash.
  The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly
  resolves the issue.

- [CVE-2020-3481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3481):
  Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3
  could cause a Denial-of-Service (DoS) condition. Improper error handling
  may result in a crash due to a NULL pointer dereference.
  This vulnerability is mitigated for those using the official ClamAV
  signature databases because the file type signatures in daily.cvd
  will not enable the EGG archive parser in versions affected by the
  vulnerability.
2020-07-17 04:48:32 +00:00
..
files
patches security/clamav: update to 0.102.1 2019-12-03 12:55:16 +00:00
buildlink3.mk Revbump for icu 2020-06-02 08:22:31 +00:00
DEINSTALL
DESCR
distinfo security/clamav: update to 0.102.4 2020-07-17 04:48:32 +00:00
Makefile security/clamav: update to 0.102.4 2020-07-17 04:48:32 +00:00
Makefile.common security/clamav: update to 0.102.4 2020-07-17 04:48:32 +00:00
MESSAGE
options.mk Update clamav to 0.101.2 2019-08-05 14:44:20 +00:00
PLIST Update clamav to 0.102.0 2019-10-10 15:41:29 +00:00