ClamAV Vunerability??

spetrillo · May 13, 2024, 08:31:57 PM

Is this an issue and is there a fix??

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 24.1.6 at Mon May 13 13:30:44 CDT 2024
vulnxml file up-to-date
clamav-1.3.0_2,1 is vulnerable:
clamav -- Possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition
CVE: CVE-2024-20380
WWW: https://vuxml.freebsd.org/freebsd/ecafc4af-fe8a-11ee-890c-08002784c58d.html

1 problem(s) in 1 installed package(s) found.
***DONE***

franco · May 13, 2024, 08:34:44 PM

Don't know. You want me to click the link to find out? :)

Cheers,
Franco

spetrillo · May 13, 2024, 08:50:00 PM

Looks like it's a new vulnerability. I was really asking if ppl were aware of the vulnerability.

franco · May 13, 2024, 10:18:01 PM

Appears to be a hit-and-miss in the ports tree shortly after 24.1.6 was done:

https://github.com/opnsense/ports/commit/1a10ccddb8

But that also means 24.1.7 will fix it by updating to the patched version on Wednesday.

Cheers,
Franco

ClamAV Vunerability??

spetrillo

May 13, 2024, 08:31:57 PM

franco

May 13, 2024, 08:34:44 PM #1

spetrillo

May 13, 2024, 08:50:00 PM #2

franco

May 13, 2024, 10:18:01 PM #3