After six months of development, Cisco has published the release of the free antivirus suite ClamAV 1.3.0. The project passed into Cisco's hands in 2013 after the purchase of Sourcefire, the company that develops ClamAV and Snort. The project code is distributed under the GPLv2 license. The 1.3.0 branch is classified as a regular (non-LTS) branch, for which updates are published for at least 4 months after the first release of the next branch. The ability to download the signature database for non-LTS branches is also provided for another 4 months after the release of the next branch.
Key improvements in ClamAV 1.3:
- Added support for extracting and checking attachments used in Microsoft OneNote files. Parsing of the OneNote format is enabled by default, but it can be disabled by setting "ScanOneNote no" in clamd.conf, by specifying the command-line option "--scan-onenote=no" when running clamscan, or, when using libclamav, through the CL_SCAN_PARSE_ONENOTE flag in the options.parse parameter.
- Building ClamAV on the BeOS-like Haiku operating system is now supported.
- clamd now checks that the temporary directory specified in clamd.conf through the TemporaryDirectory directive exists. If the directory is missing, the process exits with an error.
- When a static library build is configured in CMake, the static libraries libclamav_rust, libclammspack, libclamunrar_iface and libclamunrar, which are used by libclamav, are now installed.
- File type detection has been implemented for compiled Python scripts (.pyc). The file type is passed as the string parameter CL_TYPE_PYTHON_COMPILED, which is supported in the clcb_pre_cache, clcb_pre_scan and clcb_file_inspection functions.
- Improved support for decrypting PDF documents with an empty password.
The ClamAV 1.2.2 and 1.0.5 updates were released at the same time, fixing two vulnerabilities that affect the 0.104, 0.105, 1.0, 1.1 and 1.2 branches:
- CVE-2024-20328 – Command substitution is possible while clamd is scanning files, because of an error in the implementation of the "VirusEvent" directive, which is used to run an arbitrary command when a virus is detected. Exploitation details are not yet available, but it is known that the issue was fixed by removing support for the '%f' string format parameter in VirusEvent, which was replaced with the name of the infected file.
Apparently, the attack consists of passing a specially crafted name of an infected file containing special characters that are not escaped when the command specified in VirusEvent is run. It is worth noting that a similar vulnerability was fixed in 2004, by removing support for the '%f' substitution, which was later brought back in ClamAV 0.104, and the old vulnerability reappeared. In the old vulnerability, running a command during a virus scan only required creating a file named "; mkdir owned" and writing a test virus signature into it.
- CVE-2024-20290 – A buffer overflow in the parsing code for files with OLE2 content can be used by a remote, unauthenticated attacker to cause a denial of service (a crash during scanning). The cause of the problem is an incorrect end-of-line check during content scanning, which results in an out-of-bounds read.
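The following check for the CVE-2024-20328 item above is an added example, not code from ClamAV or from the article: it classifies a version against the affected branches and fixed releases listed here and flags VirusEvent directives in a clamd.conf that still use '%f'. The sample configuration and handler paths are constructed, and the CLAM_VIRUSEVENT_FILENAME variable name comes from ClamAV's own documentation rather than from this article.

```python
import re

# Data taken from the article: affected branches and the two fixed releases.
AFFECTED_BRANCHES = {(0, 104), (0, 105), (1, 0), (1, 1), (1, 2)}
FIXED_IN = {(1, 0): (1, 0, 5), (1, 2): (1, 2, 2)}

# Constructed sample clamd.conf fragment; handler paths are hypothetical.
SAMPLE_CONF = """\
LogFile /var/log/clamav/clamd.log
#VirusEvent /usr/local/bin/old-handler %f
VirusEvent /usr/local/bin/notify.sh "%v" "%f"
"""

def version_status(version):
    """Classify a ClamAV version string as 'affected', 'fixed' or 'not-listed'."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    parts += (0,) * (3 - len(parts))
    branch = parts[:2]
    if branch not in AFFECTED_BRANCHES:
        return "not-listed"
    fixed = FIXED_IN.get(branch)
    return "fixed" if fixed and parts >= fixed else "affected"

def audit(conf_text, version):
    """Return (line_no, severity, message) for each risky VirusEvent directive."""
    status = version_status(version)
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        match = re.match(r"\s*VirusEvent\s+(.*\S)", line)  # skips '#' comments
        if not match:
            continue
        command = match.group(1)
        if "%f" in command and status == "affected":
            findings.append((line_no, "HIGH",
                             "%f puts the unescaped file name into a shell command"))
        elif "%f" in command:
            findings.append((line_no, "WARN",
                             "legacy %f placeholder; support was removed by the fix"))
        if "CLAM_VIRUSEVENT_FILENAME" in command:
            findings.append((line_no, "WARN",
                             "read CLAM_VIRUSEVENT_FILENAME inside the handler, "
                             "not in the VirusEvent command line"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, "1.2.1"):
        print(*finding)
```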
Source: opennet.ru
