Potential security issue fixed in 1.1.2, 1.0.3 and 0.103.10
Bug #2046372 reported by
Tevz Murkovic
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| clamav (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Focal |
Triaged
|
Undecided
|
Unassigned | ||
| Jammy |
Triaged
|
Undecided
|
Unassigned | ||
| Lunar |
Triaged
|
Undecided
|
Unassigned | ||
| Mantic |
Triaged
|
Undecided
|
Unassigned | ||
| Noble |
Fix Released
|
Undecided
|
Unassigned | ||
| libclamunrar (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Focal |
New
|
Undecided
|
Unassigned | ||
| Jammy |
New
|
Undecided
|
Unassigned | ||
| Lunar |
New
|
Undecided
|
Unassigned | ||
| Mantic |
New
|
Undecided
|
Unassigned | ||
| Noble |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
ClamAV uses the UnRAR library, which had a vulnerability CVE-2023-40477 (buffer overflow).
Due to concerns that the vulnerability also affects ClamAV, it has been updated to 1.1.2, 1.0.3 and 0.103.10.
Please consider updating the package to the versions mentioned above.
More information: https:/
Thank you in advance,
Tevz
CVE References
| information type: | Private Security → Public Security |
Revision history for this message
| Lena Voytek (lvoytek) wrote | #1 |
| Changed in clamav (Ubuntu Noble): | |
| status: | New → Fix Released |
| Changed in libclamunrar (Ubuntu Noble): | |
| status: | New → Fix Released |
| Changed in clamav (Ubuntu Focal): | |
| status: | New → Triaged |
| Changed in clamav (Ubuntu Jammy): | |
| status: | New → Triaged |
| Changed in clamav (Ubuntu Lunar): | |
| status: | New → Triaged |
| Changed in clamav (Ubuntu Mantic): | |
| status: | New → Triaged |
To post a comment you must log in.
Thank you for the bug report. Looks like the devel release was updated to fix this on 2023-12-12. Focal, Jammy, Lunar, and Mantic still need the fix. Marking as such.