kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/security/clamav
History
prlw1 2bbaa92ff0 Update clamav to 0.101.2 
Remove rar support to workaround PR pkg/54420

  This release includes 3 extra security related bug fixes that do not
   apply to prior versions. In addition, it includes a number of minor bug
   fixes and improvements.
     * Fixes for the following vulnerabilities affecting 0.101.1 and
       prior:
          + CVE-2019-1787: An out-of-bounds heap read condition may occur
            when scanning PDF documents. The defect is a failure to
            correctly keep track of the number of bytes remaining in a
            buffer when indexing file data.
          + CVE-2019-1789: An out-of-bounds heap read condition may occur
            when scanning PE files (i.e. Windows EXE and DLL files) that
            have been packed using Aspack as a result of inadequate
            bound-checking.
          + CVE-2019-1788: An out-of-bounds heap write condition may occur
            when scanning OLE2 files such as Microsoft Office 97-2003
            documents. The invalid write happens when an invalid pointer
            is mistakenly used to initialize a 32bit integer to zero. This
            is likely to crash the application.
     * Fixes for the following ClamAV vulnerabilities:
          + CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking
            feature that could allow an unauthenticated, remote attacker
            to cause a denial of service (DoS) condition on an affected
            device. Reported by Secunia Research at Flexera.
          + Fix for a 2-byte buffer over-read bug in ClamAV's PDF parsing
            code. Reported by Alex Gaynor.
     * Fixes for the following vulnerabilities in bundled third-party
       libraries:
          + CVE-2018-14680: An issue was discovered in mspack/chmd.c in
            libmspack before 0.7alpha. It does not reject blank CHM
            filenames.
          + CVE-2018-14681: An issue was discovered in kwajd_read_headers
            in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file
            header extensions could cause a one or two byte overwrite.
          + CVE-2018-14682: An issue was discovered in mspack/chmd.c in
            libmspack before 0.7alpha. There is an off-by-one error in the
            TOLOWER() macro for CHM decompression.
          + Additionally, 0.100.2 reverted 0.100.1's patch for
            CVE-2018-14679, and applied libmspack's version of the fix in
            its place.
     * Fixes for the following CVE's:
          + CVE-2017-16932: Vulnerability in libxml2 dependency (affects
            ClamAV on Windows only).
          + CVE-2018-0360: HWP integer overflow, infinite loop
            vulnerability. Reported by Secunia Research at Flexera.
          + CVE-2018-0361: ClamAV PDF object length check, unreasonably
            long time to parse relatively small file. Reported by aCaB.

For the full release notes, see:
https://github.com/Cisco-Talos/clamav-devel/blob/clamav-0.101.2/NEWS.md
2019-08-05 14:44:20 +00:00
..
files Remove the stability entity, it has no meaning outside of an official context. 2016-06-08 10:16:50 +00:00
patches Update clamav to 0.101.2 2019-08-05 14:44:20 +00:00
buildlink3.mk Update clamav to 0.101.2 2019-08-05 14:44:20 +00:00
DEINSTALL
DESCR
distinfo Update clamav to 0.101.2 2019-08-05 14:44:20 +00:00
Makefile Update clamav to 0.101.2 2019-08-05 14:44:20 +00:00
Makefile.common Update clamav to 0.101.2 2019-08-05 14:44:20 +00:00
MESSAGE
options.mk Update clamav to 0.101.2 2019-08-05 14:44:20 +00:00
PLIST Update clamav to 0.101.2 2019-08-05 14:44:20 +00:00