Monthly Archives: April 2024

Advisories

et-6.2.1-15.fc38

Read Time:7 Second

FEDORA-2024-29120efcc4

Packages in this update:

et-6.2.1-15.fc38

Update description:

Unbundle cpp-httlib, fixing CVE-2023-26130

Read More

Advisories

clamav-1.0.6-1.fc40

Read Time:55 Second

FEDORA-2024-34474f346b

Packages in this update:

clamav-1.0.6-1.fc40

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1225

Fixed a bug causing some text to be truncated when converting from UTF-16.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1232

Fixed assorted complaints identified by Coverity static analysis.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1237

Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Added the new ‘valhalla’ database name to the list of optional databases in preparation for future work.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Silenced a warning “Unexpected early end-of-file” that occured when scanning some PNG files.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1216

Read More

Advisories

clamav-1.0.6-1.fc39

Read Time:55 Second

FEDORA-2024-1a79c2ef63

Packages in this update:

clamav-1.0.6-1.fc39

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1225

Fixed a bug causing some text to be truncated when converting from UTF-16.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1232

Fixed assorted complaints identified by Coverity static analysis.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1237

Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Added the new ‘valhalla’ database name to the list of optional databases in preparation for future work.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Silenced a warning “Unexpected early end-of-file” that occured when scanning some PNG files.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1216

Read More

Advisories

clamav-1.0.6-1.el9

Read Time:55 Second

FEDORA-EPEL-2024-25c9732d41

Packages in this update:

clamav-1.0.6-1.el9

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1225

Fixed a bug causing some text to be truncated when converting from UTF-16.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1232

Fixed assorted complaints identified by Coverity static analysis.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1237

Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Added the new ‘valhalla’ database name to the list of optional databases in preparation for future work.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Silenced a warning “Unexpected early end-of-file” that occured when scanning some PNG files.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1216

Read More

Advisories

clamav-1.0.6-1.fc38

Read Time:55 Second

FEDORA-2024-92b8ac25a5

Packages in this update:

clamav-1.0.6-1.fc38

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1225

Fixed a bug causing some text to be truncated when converting from UTF-16.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1232

Fixed assorted complaints identified by Coverity static analysis.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1237

Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Added the new ‘valhalla’ database name to the list of optional databases in preparation for future work.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Silenced a warning “Unexpected early end-of-file” that occured when scanning some PNG files.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1216

Read More

Advisories

USN-6754-1: nghttp2 vulnerabilities

Read Time:41 Second

It was discovered that nghttp2 incorrectly handled the HTTP/2
implementation. A remote attacker could possibly use this issue to cause
nghttp2 to consume resources, leading to a denial of service. This issue
only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,
CVE-2019-9513)

It was discovered that nghttp2 incorrectly handled request cancellation. A
remote attacker could possibly use this issue to cause nghttp2 to consume
resources, leading to a denial of service. This issue only affected Ubuntu
16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)

It was discovered that nghttp2 could be made to process an unlimited number
of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this
issue to cause nghttp2 to consume resources, leading to a denial of
service. (CVE-2024-28182)

Read More