Bug 2374017 - ClamAV Remote Code Execution
Summary: ClamAV Remote Code Execution
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: clamav
Version: epel8
Hardware: Unspecified
OS: Linux
Priority: unspecified
Severity: urgent
Target Milestone: ---
Assignee: Orion Poplawski
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2025-06-20 13:13 UTC by Dave B
Modified: 2025-06-27 01:34 UTC

Fixed In Version: clamav-1.0.9-1.el8
Clone Of:
Environment:
Last Closed: 2025-06-27 01:34:32 UTC
Type: Bug
Embargoed:



Description Dave B 2025-06-20 13:13:56 UTC
Description of problem:
Multiple high-severity vulnerabilities, including a dangerous buffer overflow capable of remote code execution, have been fixed in critical security updates released by the ClamAV team for versions 1.4.3 and 1.0.9.



Version-Release number of selected component (if applicable):
1.0.8

Additional info:
ClamAV is available for RHEL8 via EPEL. Please prioritize building and distributing updated packages for EPEL8.

Comment 1 Fedora Update System 2025-06-20 14:15:53 UTC
FEDORA-EPEL-2025-7afd2b91ab (clamav-1.0.9-1.el8) has been submitted as an update to Fedora EPEL 8.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-7afd2b91ab

Comment 2 Fedora Admin user for bugzilla script actions 2025-06-21 03:41:13 UTC
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.

Comment 3 Fedora Update System 2025-06-27 01:34:32 UTC
FEDORA-EPEL-2025-7afd2b91ab (clamav-1.0.9-1.el8) has been pushed to the Fedora EPEL 8 stable repository.
If the problem still persists, please make note of it in this bug report.

