[Buildroot] [git commit branch/2023.02.x] package/clamav: security bump to version 0.103.9
Peter Korsgaard
peter at korsgaard.com
Wed Sep 13 13:09:22 UTC 2023
commit: https://git.buildroot.net/buildroot/commit/?id=70c694ef492f7d816c12a6c1d2418c4b0e94095e
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2023.02.x
Fixes the following security issue:
- CVE-2023-20197: A vulnerability in the filesystem image parser for
Hierarchical File System Plus (HFS+) of ClamAV could allow an
unauthenticated, remote attacker to cause a denial of service (DoS)
condition on an affected device. This vulnerability is due to an
incorrect check for completion when a file is decompressed, which may
result in a loop condition that could cause the affected software to stop
responding.
For details, see the announcement:
https://blog.clamav.net/2023/07/2023-08-16-releases.html
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
package/clamav/clamav.hash | 2 +-
package/clamav/clamav.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/clamav/clamav.hash b/package/clamav/clamav.hash
index 27f9b16a39..e8173cd0f9 100644
--- a/package/clamav/clamav.hash
+++ b/package/clamav/clamav.hash
@@ -1,5 +1,5 @@
# Locally calculated
-sha256 6f49da6ee927936de13d359e559d3944248e3a257d40b80b6c99ebe6fe8c8c3f clamav-0.103.8.tar.gz
+sha256 bd9345671c8089b2bbbd8c34be3bca04cffa3142cf7a3afc12527037dfd3aa88 clamav-0.103.9.tar.gz
sha256 0c4fd2fa9733fc9122503797648710851e4ee6d9e4969dd33fcbd8c63cd2f584 COPYING
sha256 d72a145c90918184a05ef65a04c9e6f7466faa59bc1b82c8f6a8ddc7ddcb9bed COPYING.bzip2
sha256 dfb818a0d41411c6fb1c193c68b73018ceadd1994bda41ad541cbff292894bc6 COPYING.file
diff --git a/package/clamav/clamav.mk b/package/clamav/clamav.mk
index 0f0491bf0d..c4ef395cec 100644
--- a/package/clamav/clamav.mk
+++ b/package/clamav/clamav.mk
@@ -4,7 +4,7 @@
#
################################################################################
-CLAMAV_VERSION = 0.103.8
+CLAMAV_VERSION = 0.103.9
CLAMAV_SITE = https://www.clamav.net/downloads/production
CLAMAV_LICENSE = GPL-2.0
CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
More information about the buildroot
mailing list