Updated versions have been published:
Ubuntu 22.10
* clamav - 0.103.8+dfsg-0ubuntu0.22.10.1
Ubuntu 22.04
* clamav - 0.103.8+dfsg-0ubuntu0.22.04.1
Ubuntu 20.04
* clamav - 0.103.8+dfsg-0ubuntu0.20.04.1
Ubuntu 18.04
* clamav - 0.103.8+dfsg-0ubuntu0.18.04.1
More information in:
Hi Keath,
It takes time because it is a newer version update. As you can see in comment
#4 it is currently available for testing on security-proposed ppa. If you could
test it and give us feedback that it is working properly, that would be much
appreciated. Also we are currently having issues
I'm sorry,... but why is this critical bug taking so long?
It's in the wild and affects a large population... (since the 16th)
This is the type of thing that kills distros (i.e. Gentoo)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the
https://ubuntu.com/security/CVE-2023-20032 lists this CVE as a medium priority.
The Google security-research team rates it as high severity and has a POC zip
file that will crash ClamAV in default configuration when it scans it.
Updated 0.103.8 versions have been pushed to the security-proposed PPA
(https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages?field.name_filter=clamav_filter=published_filter=)
Feel free to test them and communicate any possible issues.
Thanks for the help!
--
We are currently working on updates, and they should be released within
the next few days.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2007456
Title:
CVE-2023-20032: Fixed a possible
We did a temporary in-place replacement with the 1.0.1 LTS clamav:
https://blog.werk21.de/en/2023/02/20/update-place-replacement-clamav-ubuntu
We have package dependencies and were not able to purge the original
packages, so we decided to override the bins and libs temporarily. Maybe
you want to
Is there anything that I, and/or others, can do to help resolve this
CVE? As it's a critical (9.8 CVE) RCE, I'm quite concerned about running
ClamAV right now with any exposure to the internet, and have begun
looking into compiling a drop-in replacement of ClamAV for this existing
package.
If
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-20032
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2007456
Title:
CVE-2023-20032: Fixed a possible remote code execution
** Information type changed from Private Security to Public Security
** Also affects: clamav (Ubuntu Kinetic)
Importance: Undecided
Status: New
** Also affects: clamav (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: clamav (Ubuntu Lunar)
Importance: