Amazon Linux 1 Security Advisory: ALAS-2022-1621
Advisory Release Date: 2022-07-28 20:34 Pacific
Advisory Updated Date: 2022-08-04 22:33 Pacific
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. (CVE-2022-20770)
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. (CVE-2022-20771)
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. (CVE-2022-20785)
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. (CVE-2022-20796)
Affected Packages:
clamav
Issue Correction:
Run yum update clamav to update your system.
New Packages:
i686:
clamav-0.103.6-1.49.amzn1.i686
clamav-db-0.103.6-1.49.amzn1.i686
clamav-lib-0.103.6-1.49.amzn1.i686
clamav-debuginfo-0.103.6-1.49.amzn1.i686
clamav-devel-0.103.6-1.49.amzn1.i686
clamav-update-0.103.6-1.49.amzn1.i686
clamav-milter-0.103.6-1.49.amzn1.i686
clamd-0.103.6-1.49.amzn1.i686
noarch:
clamav-filesystem-0.103.6-1.49.amzn1.noarch
clamav-data-0.103.6-1.49.amzn1.noarch
src:
clamav-0.103.6-1.49.amzn1.src
x86_64:
clamav-milter-0.103.6-1.49.amzn1.x86_64
clamav-update-0.103.6-1.49.amzn1.x86_64
clamd-0.103.6-1.49.amzn1.x86_64
clamav-0.103.6-1.49.amzn1.x86_64
clamav-db-0.103.6-1.49.amzn1.x86_64
clamav-debuginfo-0.103.6-1.49.amzn1.x86_64
clamav-devel-0.103.6-1.49.amzn1.x86_64
clamav-lib-0.103.6-1.49.amzn1.x86_64
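
To confirm that the update described under Issue Correction actually landed, the following added example (not part of the original advisory) compares installed ClamAV package builds against the fixed build 0.103.6-1.49.amzn1 from the package list above. The function names and the sample input in the comments are constructed for illustration. The script assumes GNU `sort -V` as an approximation of RPM version ordering, ignores epochs, and is only meaningful for Amazon Linux 1 (amzn1) builds.

```sh
#!/bin/sh
# Added example: flag ClamAV packages older than the build fixed in ALAS-2022-1621.

FIXED_EVR="0.103.6-1.49.amzn1"   # version-release from the advisory's package list

# Package names from the advisory's package list.
ALAS_PKGS="clamav clamav-db clamav-lib clamav-debuginfo clamav-devel clamav-update clamav-milter clamd clamav-filesystem clamav-data"

# evr_lt A B: succeed if version-release A sorts strictly before B.
# Assumption: `sort -V` stands in for RPM's own comparison, which is
# adequate for the plain numeric version strings used by these builds.
evr_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_clamav: read "name version-release" lines on stdin, print one
# status line per advisory package, and return 1 if any is below the fix.
# Packages not named in the advisory are skipped.
audit_clamav() {
    audit_rc=0
    while read -r pkg_name pkg_evr; do
        case " $ALAS_PKGS " in
            *" $pkg_name "*) ;;
            *) continue ;;
        esac
        if evr_lt "$pkg_evr" "$FIXED_EVR"; then
            echo "VULNERABLE $pkg_name $pkg_evr"
            audit_rc=1
        else
            echo "OK $pkg_name $pkg_evr"
        fi
    done
    return "$audit_rc"
}

# On a live Amazon Linux 1 host, feed it the installed package list:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'clam*' | audit_clamav
#
# Constructed sample input for an offline run:
#   printf 'clamav 0.103.5-1.48.amzn1\nclamd 0.103.6-1.49.amzn1\n' | audit_clamav
```

A non-zero exit status means at least one listed package still needs `yum update clamav`; restart any running clamd or clamav-milter service afterwards so the updated library is loaded.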