[Bug 2007456] Re: CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser.

2023-02-20 Thread Marc Deslauriers
We are currently working on updates, and they should be released within
the next few days.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2007456

Title:
  CVE-2023-20032: Fixed a possible remote code execution vulnerability
  in the HFS+ file parser.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2007456/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2007456] Re: CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser.

2023-02-20 Thread Jan Kellermann
We did a temporary in-place replacement with the 1.0.1 LTS clamav:
https://blog.werk21.de/en/2023/02/20/update-place-replacement-clamav-ubuntu

We have package dependencies and were not able to purge the original
packages, so we decided to override the bins and libs temporarily. Maybe
you want to switch to the LTS deb from https://www.clamav.net/downloads


[Bug 2007456] Re: CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser.

2023-02-20 Thread David W
Is there anything that I, and/or others, can do to help resolve this
CVE? As it's a critical (9.8 CVE) RCE, I'm quite concerned about running
ClamAV right now with any exposure to the internet, and have begun
looking into compiling a drop-in replacement of ClamAV for this existing
package.

If there's anything I can do to help test or compile the upstream code
with different options, please let me know. I'm happy to help, as I want
to see this resolved as quickly as possible.
