Text only | Text with Images

OPNsense Forum

Archive => 24.1, 24.4 Legacy Series => Topic started by: spetrillo on May 13, 2024, 08:31:57 PM

Title: ClamAV Vunerability??
Post by: spetrillo on May 13, 2024, 08:31:57 PM
Is this an issue and is there a fix??

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 24.1.6 at Mon May 13 13:30:44 CDT 2024
vulnxml file up-to-date
clamav-1.3.0_2,1 is vulnerable:
  clamav -- Possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition
  CVE: CVE-2024-20380
  WWW: https://vuxml.FreeBSD.org/freebsd/ecafc4af-fe8a-11ee-890c-08002784c58d.html

1 problem(s) in 1 installed package(s) found.
***DONE***
Title: Re: ClamAV Vunerability??
Post by: franco on May 13, 2024, 08:34:44 PM
Don't know. You want me to click the link to find out? :)


Cheers,
Franco
Title: Re: ClamAV Vunerability??
Post by: spetrillo on May 13, 2024, 08:50:00 PM
Looks like it's a new vulnerability. I was really asking if ppl were aware of the vulnerability.
Title: Re: ClamAV Vunerability??
Post by: franco on May 13, 2024, 10:18:01 PM
Appears to be a hit-and-miss in the ports tree shortly after 24.1.6 was done:

https://github.com/opnsense/ports/commit/1a10ccddb8

But that also means 24.1.7 will fix it by updating to the patched version on Wednesday.


Cheers,
Franco
Text only | Text with Images