OPNsense Forum
Archive => 17.7 Legacy Series => Topic started by: fabian on January 26, 2018, 05:45:40 pm
-
There are several vulnerabilities:
http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
Heise (German) has an article about it: https://www.heise.de/security/meldung/Jetzt-patchen-Angriffe-auf-Viren-Scanner-ClamAV-3951801.html
-
I'm not seeing an update available through the 'Check for Updates'.
-
There won't be an update this week. Impossible timing. At work the secondary ClamAV signature fail caused worldwide issues so there was no time to deal with any of the actual updates yet...
http://lists.clamav.net/pipermail/clamav-users/2018-January/005722.html
Also note that ClamAV is not part of our core distribution.
The update hit the ports tree now: https://github.com/opnsense/ports/commit/46134d255
If anyone cares to upgrade *if* they use the os-clamav plugin:
# opnsense-code tools ports
# cd /usr/ports/security/clamav
# make
# make deinstall
# make install
Cheers,
Franco
-
Thanks Franco.
It required gmake to be installed but, once done, it installed.
-
Keep in mind that because the OPNsense Core Team has intelligently put security first by incorporating ASLR and SafeStack from HardenedBSD that attackers will likely have an extremely difficult time exploiting these vulnerabilities. Patching is still important (I'd say critical), but HardenedBSD's enhancements drive up the economic cost for attackers and help prevent successful exploitation.
-
@lattera: sure but DoS is still an issue...