[CPANEL-29016] ClamAV patch for non-recursive zip bombs

Comments

13 comments

  • cPanelMichael
    Hello :) Internal case CPANEL-28735 is open to publish an updated ClamAV version with cPanel & WHM. I'll monitor this case and update this thread with more information as it becomes available. In the meantime, you can temporarily disable ClamAV by uninstalling it via the WHM >> Manage Plugins interface. Once it's uninstalled, you'll need to execute the following command to avoid the issue described on Thank you.
    0
  • Trane Francks
    Hi, Michael. It is unnecessary to remove ClamAV. To mitigate the issue pending the new version being rolled out, users can disable scanning archives:

    * Use your favourite editor to open /usr/local/cpanel/3rdparty/etc/clamd.conf;
    * Find the "ScanArchive" option in the file and create an entry: ScanArchive no;
    * Save the configuration file;
    * Restart ClamAV - /scripts/restartsrv_clamd.

    Once the new version is rolled out, users can visit the clamd.conf file again and undo their changes to enable scanning archives again.

    I hope this helps, trane
    0
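The mitigation in the post above, written as an idempotent and reversible shell function. This is an added example, not part of the thread or of cPanel's tooling; the config path, the `ScanArchive` option and the restart script are the ones named in the post, and the function names are hypothetical. While `ScanArchive no` is in effect, clamd does not inspect archive contents, so revert it once the patched package is installed.

```shell
#!/bin/sh
# Added example (not cPanel's tooling). Default path is the one given in the post.
CLAMD_CONF="${CLAMD_CONF:-/usr/local/cpanel/3rdparty/etc/clamd.conf}"

# Print the active ScanArchive value, or "unset" when no uncommented
# ScanArchive line exists. If several are present, the last one is reported.
get_scan_archive() {
    awk '$1 == "ScanArchive" { v = $2 } END { print (v == "" ? "unset" : v) }' "$1"
}

# set_scan_archive FILE yes|no
# Rewrites FILE so it holds exactly one active "ScanArchive <value>" line.
# Commented-out lines are left alone; the previous file is kept as FILE.bak.
set_scan_archive() {
    conf=$1
    value=$2
    case "$value" in
        yes|no) ;;
        *) echo "usage: set_scan_archive FILE yes|no" >&2; return 2 ;;
    esac
    [ -f "$conf" ] || { echo "not found: $conf" >&2; return 1; }

    tmp=$(mktemp) || return 1
    awk -v v="$value" '
        $1 == "ScanArchive" {        # active entry: keep one, rewritten
            if (!done) { print "ScanArchive " v; done = 1 }
            next
        }
        { print }
        END { if (!done) print "ScanArchive " v }   # option absent: append it
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    if cmp -s "$conf" "$tmp"; then   # already in the desired state
        rm -f "$tmp"
        return 0
    fi
    cp -p "$conf" "$conf.bak" &&
        cat "$tmp" > "$conf"         # overwrite in place to keep owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Mitigate:  set_scan_archive "$CLAMD_CONF" no  && /scripts/restartsrv_clamd
# Undo:      set_scan_archive "$CLAMD_CONF" yes && /scripts/restartsrv_clamd
```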
  • cPanelLauren
    Hello, CPANEL-28735 was marked as resolved in v82 of cPanel/WHM which is now in RELEASE. You can check this in our changelogs here:
    0
  • Trane Francks
    Lauren, Respectfully, this should be backported to all supported versions. This particular vulnerability is not widely being discussed and there are going to be many, many servers out there with admins who will simply be unaware of their servers' vulnerability to this exploit.
    0
  • cPanelMichael
    Hello Everyone, To update, an additional ClamAV security update was recently published to mitigate this issue:
    0
  • cPanelMichael
    Respectfully, this should be backported to all supported versions. This particular vulnerability is not widely being discussed and there are going to be many, many servers out there with admins who will simply be unaware of their servers' vulnerability to this exploit.

    Hello @Trane Francks, I've reported cPanel & WHM versions 78 and 82 as affected versions in the new case referenced in my last response (CPANEL-29016). I'll let you know any planned updates to version 78 (the supported LTS version) as soon as that information is available. Thank you.
    0
  • cPanelMichael
    Hello, To update, this is fixed in cPanel & WHM version 82.0.13: Fixed case CPANEL-29016: Update rpm.versions for cpanel-clamav 0.101.4-1.cp1180. The full change log is available at:
    0
  • Varial
    Is there a reason why 78 isn't getting this patch? I know it's trivial to mitigate against, but shouldn't your LTS build receive all security fixes?
    0
  • cPanelMichael
    Is there a reason why 78 isn't getting this patch? I know it's trivial to mitigate against, but shouldn't your LTS build receive all security fixes?

    Internal case CPANEL-29016 is now tentatively marked for backport to version 78. I don't have a firm time frame to share, but I'll update this thread with new information as soon as it's available. Thank you. Update: There are no plans to backport this update to cPanel & WHM version 78.
    0
  • garconcn
    sorry, wrong thread
    0
  • cPanelMichael
    Why 80 doesn't get patched?

    Version 80 is EOL:
    0
  • cPanelMichael
    @garconcn, See also:
    0
  • cPanelMichael
    Hello :) This was solved several months ago so we're going to go ahead and archive this. Please open a new thread if you have any additional questions. Thanks!
    0