CLAM-2216-ClamOnAccLoop Applied the fix that was not included in 0.103 version#1198
Conversation
|
Oh and also some background story: Ubuntu 22 LTS release uses the version 0.103 as the latest package available. If this was not the case I would just upgrade ClamAV packages and that would fix this issue. |
|
Thanks for the PR. Ubuntu 22 LTS is certainly behind with 0.103. The 0.103 LTS release will reach end-of-life in September this year in terms of our team providing any fixes for the release: https://docs.clamav.net/faq/faq-eol.html#version-support-matrix At this point we've only been publishing patch versions for 0.103 LTS when there is a major bug or security issue. I don't know of any other bugs at this time that would necessitate another 0.103 patch version. To me, this change alone isn't compelling enough to do so. I think we will leave this PR open until then, or until 0.103 end-of-life. If you want to upgrade to a newer release that already has the ClamOnAcc loop fix, you have two options:
|
val-ms
force-pushed
the
bugfix/CLAM-2216-ClamOnAccLoop
branch
from
4ef7573 to
f936f9d
Compare
|
Rebased with |
0.103.12 (2024-09-04) ClamAV 0.103.12 is a patch release with the following fixes: - [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506): Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in: - 1.4.1 - 1.3.2 - 1.0.7 - 0.103.12 Thank you to Detlef for identifying this issue. - [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505): Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition. This issue affects all currently supported versions. It will be fixed in: - 1.4.1 - 1.3.2 - 1.0.7 - 0.103.12 Thank you to OSS-Fuzz for identifying this issue. - ClamOnAcc: Fixed an infinite loop when a watched directory does not exist. - [GitHub pull request](Cisco-Talos/clamav#1198) - Fixed a bug causing CVDs downloaded by the `DatabaseCustomURL` Freshclam config option to be pruned and then re-downloaded with every update. Also added the new 'valhalla' database name to the list of optional databases in preparation for future work. - Backport of [GitHub pull request](Cisco-Talos/clamav#1233) - Fixed an unaligned pointer dereference issue on select architectures. Fix courtesy of Sebastian Andrzej Siewior. - Backport of [GitHub pull request](Cisco-Talos/clamav#1293)
2 participants
Applied the fix that was already done here: #1047
This fix was originally aimed to fix the issue where a wrong configuration would lead to clamonacc process just running in a infinite loop and using 100% of the available cpu time that was allocated to the process.
Example of the incorrect configuration that triggers this bug:
´OnAccessIncludePath /var/lib/this_path_does_not_exist´
After this is changed to a correct path, clamonacc will not be stuck in the loop and will work as intended.
Sorry if I did not follow good practises when creating this PR. This is my first time creating a PR to a public project.
I did not test this as this was already accepted in the original PR.