Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#54730 - [clamav] clamav affected by unrar vulnerability
Attached to Project:
Arch Linux
Opened by alex (kabolt) - Friday, 07 July 2017, 06:31 GMT
Last edited by Levente Polyak (anthraxx) - Monday, 22 October 2018, 19:39 GMT
Opened by alex (kabolt) - Friday, 07 July 2017, 06:31 GMT
Last edited by Levente Polyak (anthraxx) - Monday, 22 October 2018, 19:39 GMT
|
DetailsDescription:
clamav uses an own rar library for decompressing and the last update was in may. So most probably the hole is in archlinux present. In SUSE they fixed the vulnerability yesterday. German: https://www.pro-linux.de/sicherheit/2/39454/ausf%C3%BChren-beliebiger-kommandos-in-clam-antivirus.html English: https://bugzilla.suse.com/show_bug.cgi?id=1045490 |
This task depends upon
Closed by Levente Polyak (anthraxx)
Monday, 22 October 2018, 19:39 GMT
Reason for closing: Fixed
Additional comments about closing: fix present in 0.100.2
Monday, 22 October 2018, 19:39 GMT
Reason for closing: Fixed
Additional comments about closing: fix present in 0.100.2