ClamAV 0.105.2 is a critical patch release with the following fixes:
-
CVE-2023-20032:
Fixed a possible remote code execution vulnerability in the HFS+ file parser.
Issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and
earlier.
Thank you to Simon Scannell for reporting this issue. -
CVE-2023-20052:
Fixed a possible remote information leak vulnerability in the DMG file parser.
Issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and
earlier.
Thank you to Simon Scannell for reporting this issue. -
Fixed an issue loading Yara rules containing regex strings with an escaped
forward-slash (\/) followed by a colon (:).- GitHub pull request: #695
-
Moved the ClamAV Docker files for building containers to a new Git repository.
The Docker files are now in https://github.com/Cisco-Talos/clamav-docker.
This change enables us to fix issues with the images and with the supporting
scripts used to publish and update the images without committing changes
directly to files in the ClamAV release branches.- GitHub pull request: #765
-
Update vendored libmspack library to version 0.11alpha.
- GitHub pull request: #829
Special thanks to the following people for code contributions and bug reports:
- Simon Scannell