Cisco has published new releases of the free antivirus package ClamAV, 1.0.1, 0.105.3 and 0.103.8, which fix a severe vulnerability (CVE-2023-20032) that can lead to code execution when ClamAV scans files containing specially crafted disk images in HFS+ format.
The vulnerability is caused by the lack of a proper buffer size check, which makes it possible to write one's own data to a region beyond the buffer boundary and arrange code execution with the privileges of the ClamAV process, for example when scanning files extracted from messages on a mail server. The publication of package updates in distributions can be tracked on these pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD, NetBSD.
The new releases also fix another vulnerability (CVE-2023-20052) that can leak the contents of any file on the server that the scanning process is able to read. The vulnerability appears when specially crafted files in DMG format are parsed, and is caused by the parser allowing, during parsing, the substitution of external XML entities referenced in the DMG file being parsed.
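An added example, not part of the original article and not ClamAV's own code: a small triage script that compares `clamscan --version` banners against the fixed releases named above (1.0.1, 0.105.3, 0.103.8), which cover both CVE-2023-20032 and CVE-2023-20052. The host names and banners in the sample inventory are constructed, and branches the article does not name are reported as `unknown` rather than guessed.

```python
import re

# Fixed releases named in the article, keyed by release branch (major, minor).
FIXED = {(1, 0): (1, 0, 1), (0, 105): (0, 105, 3), (0, 103): (0, 103, 8)}

VERSION_RE = re.compile(r"ClamAV\s+(\d+)\.(\d+)\.(\d+)")

def parse_version(banner):
    """Extract (major, minor, patch) from a `clamscan --version` style banner."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"no ClamAV version in {banner!r}")
    return tuple(int(p) for p in m.groups())

def triage(banner):
    """Return 'patched', 'vulnerable' or 'unknown' for one version banner."""
    version = parse_version(banner)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Branch not named in the article (end-of-life or newer branches):
        # do not guess, send it to manual review against the vendor advisory.
        return "unknown"
    return "patched" if version >= fixed else "vulnerable"

def triage_fleet(inventory):
    """Map host -> status; unparseable banners are reported as 'unknown'."""
    result = {}
    for host, banner in inventory.items():
        try:
            result[host] = triage(banner)
        except ValueError:
            result[host] = "unknown"
    return result

# Constructed sample inventory (host names and banners are made up).
SAMPLE = {
    "mail-gw-1": "ClamAV 0.103.7/26800/Mon Feb 13 09:00:00 2023",
    "mail-gw-2": "ClamAV 0.103.8/26812/Thu Feb 16 09:00:00 2023",
    "files-1": "ClamAV 1.0.0/26800/Mon Feb 13 09:00:00 2023",
    "files-2": "ClamAV 0.105.3",
    "legacy-1": "ClamAV 0.104.4/26800/Mon Feb 13 09:00:00 2023",
    "broken-1": "clamscan: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage_fleet(SAMPLE).items()):
        print(f"{host:10} {status}")
```

A distribution package that backports the fix without changing the upstream version number would show as `vulnerable` here, so confirm such hosts against the distribution tracker pages listed above.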
source: budenet.ru