[manjaro-security] ClamAV outdated and susceptible to DOS attack
Dirk Räder
dirk at raeder.cc
Mon Aug 21 20:58:29 CEST 2023
Hi,
I'm not sure whether this is right mailing list. If not, please point me to
the right one.
ClamAV has released patched versions 1.1.1 and 1.0.2 almost a week ago
deploying critical patches. Both address CVE-2023-20197 which has a CVSS 3.x
score of 7.5. The latter also tackles CVE-2023-20212, also having CVSS 3.x
score of 7.5.
Seeing that ClamAV has been flagged out-of-date in the package repo on
2023-05-02, I'm wondering when this will be updated - or if there's anything I
could do to update the ClamAV package myself.
Kind regards,
Dirk Räder
dirk at raeder.cc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20230821/59285bb3/attachment.sig>
More information about the manjaro-security
mailing list