Debian LTS Advisory ([SECURITY] [DLA 1953-1] clamav security update)
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
The remote host is missing an update for the 'clamav' package(s) announced via the DLA-1953-1 advisory.
Insight
It was discovered that clamav, the open source antivirus engine, is affected by the following security vulnerabilities:
CVE-2019-12625: Denial of Service (DoS) vulnerability, resulting from excessively long scan times caused by non-recursive zip bombs. Among others, this issue was mitigated by introducing a scan time limit.
CVE-2019-12900: Out-of-bounds write in ClamAV's NSIS bzip2 library when attempting decompression in cases where the number of selectors exceeded the max limit set by the library.
This update triggers a transition from libclamav7 to libclamav9. As a result, several other packages will be recompiled against the fixed package after the release of this update: dansguardian, havp, python-pyclamav, c-icap-modules.
Affected Software
'clamav' package(s) on Debian Linux.
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
For Debian 8 'Jessie', these problems have been fixed in version 0.101.4+dfsg-0+deb8u1. We recommend that you upgrade your clamav packages.