Merge pull request #13 from cisco-sbg/CLAM-2638-0.103.12-news

News: updates prior to 0.103.12
Cisco-Talos · Sep 3, 2024 · 93d9e73 · 93d9e73
2 parents 6d0496c + d1eb5ad
commit 93d9e73
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 20 deletions.
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -42,9 +42,6 @@ properties(
                 string(name: 'FUZZ_CORPUS_BRANCH',
                        defaultValue: '0.103',
                        description: 'private-fuzz-corpus branch'),
-                string(name: 'APPCHECK_PIPELINE',
-                       defaultValue: 'appcheck-0.103',
-                       description: 'test-pipelines branch for appcheck'),
                 string(name: 'SHARED_LIB_BRANCH',
                        defaultValue: '0.103',
                        description: 'tests-jenkins-shared-libraries branch')
@@ -199,23 +196,6 @@ node('docker') {
             }
         }
 
-        tasks["appcheck"] = {
-            stage("AppCheck") {
-                final appcheckResult = build(job: "test-pipelines/${params.APPCHECK_PIPELINE}",
-                    propagate: true,
-                    wait: true,
-                    parameters: [
-                        [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"],
-                        [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"],
-                        [$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "test-pipelines/${params.BUILD_PIPELINE}"],
-                        [$class: 'StringParameterValue', name: 'BUILD_JOB_NUMBER', value: "${buildResult.number}"],
-                        [$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"]
-                    ]
-                )
-                echo "test-pipelines/${params.APPCHECK_PIPELINE} #${appcheckResult.number} succeeded."
-            }
-        }
-
         parallel tasks
     }
 }
diff --git a/NEWS.md b/NEWS.md
@@ -7,6 +7,44 @@ Note: This file refers to the source tarball. Things described here may differ
 
 ClamAV 0.103.12 is a patch release with the following fixes:
 
+- [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506):
+  Changed the logging module to disable following symlinks on Linux and Unix
+  systems so as to prevent an attacker with existing access to the 'clamd' or
+  'freshclam' services from using a symlink to corrupt system files.
+
+  This issue affects all currently supported versions. It will be fixed in:
+  - 1.4.1
+  - 1.3.2
+  - 1.0.7
+  - 0.103.12
+
+  Thank you to Detlef for identifying this issue.
+
+- [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505):
+  Fixed a possible out-of-bounds read bug in the PDF file parser that could
+  cause a denial-of-service (DoS) condition.
+
+  This issue affects all currently supported versions. It will be fixed in:
+  - 1.4.1
+  - 1.3.2
+  - 1.0.7
+  - 0.103.12
+
+  Thank you to OSS-Fuzz for identifying this issue.
+
+- ClamOnAcc: Fixed an infinite loop when a watched directory does not exist.
+  - [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1198)
+
+- Fixed a bug causing CVDs downloaded by the `DatabaseCustomURL` Freshclam
+  config option to be pruned and then re-downloaded with every update.
+  Also added the new 'valhalla' database name to the list of optional databases
+  in preparation for future work.
+  - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1233)
+
+- Fixed an unaligned pointer dereference issue on select architectures.
+  Fix courtesy of Sebastian Andrzej Siewior.
+  - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1293)
+
 ## 0.103.11
 
 ClamAV 0.103.11 is a patch release with the following fixes: