I think some may be fixed already. I've opened ticket 11961 in the ClamAV bugzilla for followup and tracking.
Steve

On Mon, Nov 20, 2017 at 2:54 PM, Zetan Drableg <[email protected]> wrote:
> Hi,
> Anyone know when these CVEs will be fixed? Does clamav provide a 0.99.2
> security fix branch or do I need to consume 0.99.3 devel? Does EPEL backport
> fixes?
>
> CVE-2017-6418
> CVE-2017-6419
> CVE-2017-6420
>
> It was discovered that ClamAV incorrectly handled parsing certain e-mail
> messages. A remote attacker could possibly use this issue to cause ClamAV
> to crash, resulting in a denial of service. (CVE-2017-6418
> <http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6418>)
>
> It was discovered that ClamAV incorrectly handled certain malformed CHM
> files. A remote attacker could use this issue to cause ClamAV to crash,
> resulting in a denial of service, or possibly execute arbitrary code. This
> issue only affected Ubuntu 14.04 LTS. In the default installation,
> attackers would be isolated by the ClamAV AppArmor profile. (CVE-2017-6419
> <http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6419>)
>
> It was discovered that ClamAV incorrectly handled parsing certain PE files
> with WWPack compression. A remote attacker could possibly use this issue to
> cause ClamAV to crash, resulting in a denial of service. (CVE-2017-6420
> <http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6420>)
>
> Thank you
> _______________________________________________
> clamav-users mailing list
> [email protected]
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
