Cisco has released new versions of the free antivirus package ClamAV, 1.0.1, 0.105.3 and 0.103.8, which fix a critical vulnerability (CVE-2023-20032) that can lead to code execution when ClamAV scans files containing specially crafted HFS+ disk images.
The vulnerability is caused by the lack of a proper buffer size check, which allows an attacker to write data beyond the bounds of the buffer and execute code with the privileges of the ClamAV process, for example when it scans files extracted from emails on a mail server. The publication of package updates in distributions can be tracked on the following pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD, NetBSD.
The new releases also fix another vulnerability (CVE-2023-20052) that can lead to leakage of the contents of any files on the server that the scanning process is able to read. The vulnerability occurs when specially crafted DMG files are parsed, and is caused by a parser that allows substitution of the external XML entities referenced in the DMG file being parsed.
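To check an inventory of hosts against the fixed releases named above, the following added example (not part of the original article or of ClamAV) classifies the version banner printed by `clamscan --version`. The sample banners are constructed, the function and variable names are hypothetical, and release branches the article does not mention are reported as unknown rather than guessed.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) release branch.
FIXED = {(1, 0): (1, 0, 1), (0, 105): (0, 105, 3), (0, 103): (0, 103, 8)}

# Matches banners such as "ClamAV 0.103.7/26800/Mon Feb 13 09:30:00 2023".
BANNER_RE = re.compile(r"ClamAV (\d+)\.(\d+)\.(\d+)(-rc\d*|-beta\d*)?")


def classify(banner):
    """Return 'patched', 'vulnerable' or 'unknown' for a version banner."""
    m = BANNER_RE.search(banner)
    if not m:
        return "unknown"
    version = tuple(int(x) for x in m.group(1, 2, 3))
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Branch not mentioned in the article: do not guess.
        return "unknown"
    if version > fixed:
        return "patched"
    if version == fixed:
        # A pre-release build of the fixed version may predate the fix.
        return "unknown" if m.group(4) else "patched"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample banners, one per host (hostnames are placeholders).
    samples = {
        "mail-gw-1": "ClamAV 0.103.7/26800/Mon Feb 13 09:30:00 2023",
        "mail-gw-2": "ClamAV 1.0.1/26815/Tue Feb 28 09:30:00 2023",
        "scanner-3": "ClamAV 0.104.4/26790/Fri Feb  3 09:30:00 2023",
    }
    for host, banner in samples.items():
        # A distribution package may carry the fix under its own version
        # string, so confirm "vulnerable" results against the distro tracker.
        print(f"{host}: {classify(banner)}")
```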
source: budenet.ru
