On Fri, 2021-04-23 at 08:55 +0200, Sebastian Andrzej Siewior wrote:
> On 2021-04-22 16:58:46 [+0100], Adam D. Barratt wrote:
> > I drafted some text for an SUA; comments / complete rewriting
> > welcome:
> >
> > =========================================================
> > ClamAV is an AntiVirus toolkit for Unix.
> >
> > Upstream published version 0.103.2.
> >
> > This is a bug-fix release.
> >
> > Changes since 0.102.3 currently in buster include the removal of
> > the
> > "safe browsing" signature database, and fixes for security issues.
> This version also introduced non-blocking database reloads in which
> clamd temporary requires twice as much memory. The behaviour is
> controlled by the ConcurrentDatabaseReload option.
Ah, apologies for not spotting that from your earlier mail. An updated
draft:
===================================================================
ClamAV is an AntiVirus toolkit for Unix.
Upstream published version 0.103.2.
This is a bug-fix release. Changes since 0.102.3 currently in buster
include the removal of the "safe browsing" signature database, and
fixes for security issues.
The new version also introduces the ability for the ClamAV daemon to
reload its databases in a non-blocking manner. This means that scanning
can continue to operate while the new databae is made active, but as a
side effect both the old and new databases must be held in memory at the
same time, causing a temporary increase in memory requirements. If this
increase causes an issue for your environment, the previous non-blocking
behaviour may be restored by setting "ConcurrentDatabaseReload no" in
your clamd.conf.
CVE-2021-1405
A vulnerability in the email parsing module could allow an
unauthenticated, remote attacker to cause a denial of service
condition on an affected device
If you use clamav, we recommend that you install this update.
===================================================================
Regards,
Adam
