ClamAV update versions 0.103.8, 0.105.2 and 1.0.1 fix vulnerabilities
Systems running the antivirus solution ClamAV are vulnerable, and the updates protect against possible attacks.
The developers of the open-source antivirus ClamAV have fixed two security gaps in three versions of the virus scanner. One is considered critical. Systems running the antivirus solution ClamAV are vulnerable. After successful attacks, attackers could execute malicious code. The new security updates solve the security problem.
As the corresponding blog post shows, the developers have released ClamAV versions 0.103.8, 0.105.2 and 1.0.1, which are protected against possible attacks. Support for ClamAV 0.104 has ended; there are no more security patches for this release.
One vulnerability (CVE-2023-20032) is classified as critical and is considered particularly dangerous. It affects the HFS+ file parser. In a way that is not described in detail, attackers could trigger a memory error due to insufficient checks and thereby push malicious code onto systems and execute it.
The second vulnerability, CVE-2023-20052, is classified as medium risk and is found in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.
Anyone who uses the open-source virus scanner should install an update.
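
To find hosts that still need the update, the version line printed by `clamscan --version` can be checked against the branches named above. The following is an added example, not code from the ClamAV project or the original article; the host names and version lines are constructed, and the status labels and the handling of versions the article does not mention are assumptions.

```python
import re

# Fixed patch level per release branch, as named in the article.
FIXED = {(0, 103): 8, (0, 105): 2, (1, 0): 1}
# Branch the article says no longer receives security patches.
END_OF_LIFE = {(0, 104)}

VERSION_RE = re.compile(r"ClamAV\s+(\d+)\.(\d+)\.(\d+)")


def classify(version_line):
    """Map one `clamscan --version` output line to a triage status."""
    m = VERSION_RE.search(version_line)
    if not m:
        return "unparsed"            # scanner missing or unexpected output
    major, minor, patch = (int(x) for x in m.groups())
    branch = (major, minor)
    if branch in END_OF_LIFE:
        return "unsupported"         # no fix on this branch: change branch
    if branch in FIXED:
        return "patched" if patch >= FIXED[branch] else "vulnerable"
    if (major, minor, patch) < (0, 103, 8):
        return "vulnerable"          # "0.103.7 and earlier"
    return "not-listed"              # assumption: outside the article's scope


def triage(inventory):
    """Group hosts that are not on a fixed release by status."""
    todo = {}
    for host, line in sorted(inventory.items()):
        status = classify(line)
        if status != "patched":
            todo.setdefault(status, []).append(host)
    return todo


# Constructed inventory: host name -> collected `clamscan --version` output.
SAMPLE = {
    "mail01": "ClamAV 0.103.7/26800/Tue Feb  7 08:20:05 2023",
    "mail02": "ClamAV 0.103.8/26815/Wed Feb 22 08:30:11 2023",
    "gw01": "ClamAV 0.104.4/26800/Tue Feb  7 08:20:05 2023",
    "scan01": "ClamAV 0.105.1/26800/Tue Feb  7 08:20:05 2023",
    "scan02": "ClamAV 1.0.1/26815/Wed Feb 22 08:30:11 2023",
    "dev01": "ClamAV 1.0.0/26800/Tue Feb  7 08:20:05 2023",
    "old01": "sh: clamscan: command not found",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `unsupported` cannot be fixed by a patch release within their branch and have to move to one of the three updated versions.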