Potential security issue fixed in 1.1.2, 1.0.3 and 0.103.10
Bug #2046372 reported by
Tevz Murkovic
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
clamav (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Triaged
|
Undecided
|
Unassigned | ||
Jammy |
Triaged
|
Undecided
|
Unassigned | ||
Lunar |
Won't Fix
|
Undecided
|
Unassigned | ||
Mantic |
Won't Fix
|
Undecided
|
Unassigned | ||
Noble |
Fix Released
|
Undecided
|
Unassigned | ||
libclamunrar (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
New
|
Undecided
|
Unassigned | ||
Jammy |
New
|
Undecided
|
Unassigned | ||
Lunar |
Won't Fix
|
Undecided
|
Unassigned | ||
Mantic |
Won't Fix
|
Undecided
|
Unassigned | ||
Noble |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
ClamAV uses the UnRAR library, which had a vulnerability CVE-2023-40477 (buffer overflow).
Due to concerns that the vulnerability also affects ClamAV, it has been updated to 1.1.2, 1.0.3 and 0.103.10.
Please consider updating the package to the versions mentioned above.
More information: https:/
Thank you in advance,
Tevz
CVE References
information type: | Private Security → Public Security |
Changed in clamav (Ubuntu Mantic): | |
status: | Triaged → Won't Fix |
Changed in libclamunrar (Ubuntu Mantic): | |
status: | New → Won't Fix |
To post a comment you must log in.
Thank you for the bug report. Looks like the devel release was updated to fix this on 2023-12-12. Focal, Jammy, Lunar, and Mantic still need the fix. Marking as such.