NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Retired_Member's avatar
Retired_Member
Oct 12, 2018
Solved

ClamAV < 0.100.2 is reported vulnerable against denial-of-service attacks

I want to share an alert with you I got from BSI in Germany, that ClamAV < 0.100.2 is vulnerable against denial-of-service attacks.

Their source is the official ClamAV website https://blog.clamav.net/2018/10/clamav-01002-has-been-released.html

As ClamAv is an integrated part of the ReadyNas OS I wonder how and when Netgear is going to update to the most recent ClamAV release to address this threat.

 

I don't want to use ssh for a manual update, just for the records.

  • OOM-9's avatar
    OOM-9
    Oct 25, 2018
    The hotfix option would cause service interruption, and will need a little more work than the smaller fixes that go into hotfixes.

    We are investigating getting this package updated in the coming firmware 6.9.5 and 6.10.0 (depending on if you are on the LTS or Stable path).

3 Replies

Replies have been turned off for this discussion
  • JohnCM_S's avatar
    JohnCM_S
    NETGEAR Employee Retired

    Hi RolandWausE,

     

    We still have no information on when it will be updated to that version. Debian is only currently hosting 0.100.0. We are on Debian 8. Debian 9 had 0.100.1 available last time it was checked, which was about 2 weeks ago.

     

    We will inform our Engineering regarding this but the update probably won't be until December or January.

     

    Regards,

    • Retired_Member's avatar
      Retired_Member

      Thanks for the answer. Are you talking about a hotfix or a standard OS update?

      If hotfix, December sounds a bit late for calling that fix a hot one.

      If not hotfix, could you consider to create one and distribute to the community?

      • OOM-9's avatar
        OOM-9
        NETGEAR Expert
        The hotfix option would cause service interruption, and will need a little more work than the smaller fixes that go into hotfixes.

        We are investigating getting this package updated in the coming firmware 6.9.5 and 6.10.0 (depending on if you are on the LTS or Stable path).

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More