Release date:
2026-07-15 10:12:44 UTC
Description:
* SECURITY UPDATE: Out-of-bounds write in the PE rebuilder via crafted Aspack files
- debian/patches/CVE-2026-20213.patch: sum rebuilt section sizes in a
64-bit accumulator and reject allocations larger than CLI_MAX_ALLOCATION
in libclamav/rebuildpe.c
- CVE-2026-20213
* SECURITY UPDATE: Out-of-bounds write in the FSG unpacker
- debian/patches/CVE-2026-20214.patch: fix the FSG v1.31 section loop
bound so a zero section count no longer underflows in libclamav/pe.c
- CVE-2026-20214
* SECURITY UPDATE: Integer overflow in the DMG mish stripe size checks
- debian/patches/CVE-2026-20244.patch: compute the mish table size in a
64-bit domain and keep the DMG range checks in subtraction form in
libclamav/dmg.c
- CVE-2026-20244
Updated packages:
-
clamav_1.4.3+dfsg-0ubuntu0.18.04.1+tuxcare.els2_amd64.deb
sha:fc46a88d210c2e8c1ad246deb66e0432fe2286bc
-
clamav-base_1.4.3+dfsg-0ubuntu0.18.04.1+tuxcare.els2_all.deb
sha:377d0a9aa2dc405d36408230067ddb33cf156d70
-
clamav-daemon_1.4.3+dfsg-0ubuntu0.18.04.1+tuxcare.els2_amd64.deb
sha:9d5d8e52292567ab6fe49fa4ba99abad4e3ab6a0
-
clamav-doc_1.4.3+dfsg-0ubuntu0.18.04.1+tuxcare.els2_all.deb
sha:8dee99e021dc2630cb1fc8104bd1ddebd4129023
-
clamav-docs_1.4.3+dfsg-0ubuntu0.18.04.1+tuxcare.els2_all.deb
sha:08bea5e590e25e7a17cb9ac8bea850cf921c6f3d
-
clamav-freshclam_1.4.3+dfsg-0ubuntu0.18.04.1+tuxcare.els2_amd64.deb
sha:3266b7e86c8f007dfb56d4538e84a05ae26872b1
-
clamav-milter_1.4.3+dfsg-0ubuntu0.18.04.1+tuxcare.els2_amd64.deb
sha:b3ea0573d698a0250a4c6dc18bdd1e41e3ab6208
-
clamav-testfiles_1.4.3+dfsg-0ubuntu0.18.04.1+tuxcare.els2_all.deb
sha:f10870f79fa63ec79e5fa880462f358ee4150195
-
clamdscan_1.4.3+dfsg-0ubuntu0.18.04.1+tuxcare.els2_amd64.deb
sha:6aef1f11b872991a4e3065e6981d147af54367c6
-
libclamav-dev_1.4.3+dfsg-0ubuntu0.18.04.1+tuxcare.els2_amd64.deb
sha:09512c225b24daae61da3aebc95cfd1173d3091d
-
libclamav12_1.4.3+dfsg-0ubuntu0.18.04.1+tuxcare.els2_amd64.deb
sha:1d58de13d59beb37b85ee227c1dd9c2db0a37b88
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.