Red Hat has released security updates to address vulnerabilities in Red Hat multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review Red Hat Security Advisories dated 17^th February 2023 and apply necessary updates.

Advisory No: TZCERT/SA/2023/02/17

Date of First Release: 17^th February 2023

Source: CISCO

Software Affected:  ClamAV: 0.103.8,0.105.2 and 1.0.1

Overview:

Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. This vulnerability could allow attackers to take control of a affected system.

Description:

The vulnerability, tracked as CVE-2023-20032 (CVSS score: 9.8), is caused by a buffer overflow in the HFS+ file parser. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. 

A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.

This vulnerability is vulnerability affects the following products:-

• Secure Endpoint, formerly Advanced Malware Protection (AMP) for Endpoints (Windows, macOS, and Linux)
• Secure Endpoint Private Cloud, and
• Secure Web Appliance, formerly Web Security Appliance

Impact:

Successful exploitation of this vulnerability may allow the attacker to control of the affected system.

Solution:

CISCO has released a patch for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

1. https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
2. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy

Microsoft has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Users and administrators are encouraged to review Microsoft Security Advisory and apply necessary updates.

SUSE has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Users and administrators are encouraged to review SUSE Security Advisories suse-su-20230419-1, suse-su-20230431-1, suse-su-20230430-1, suse-su-20230429-1, suse-su-20230428-1 and suse-su-20230420-1 and apply necessary updates.

Insyde has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to gain escalated privilege.

Users and administrators are encouraged to review Insyde Security Advisories and apply necessary updates.