Version:
2023-03-01
Released:
March 6, 2023
This SMG appliance update includes a critical patch release to Clam AV that addresses a remote code execution vulnerability and a remote information leak vulnerability as described at https://blog.clamav.net The two CVE's addressed in the Clam AV patch release are described here: nvd.nist.gov/.../CVE-2023-20032 and nvd.nist.gov/.../CVE-2023-20052
Release notes
Smg rpm package version is smg-1.0.1-376.1
Enhancements
- OCT80258 - Add last chance warning to admin UI if all servers will be removed
- OCT80185 - Add CIDR format support in policy qualification IP address match
- OCT633095 - Add domain option to enable anti-spoof prevention when AUTH is disabled at the interface
- OCT630118,OCT630119,OCT632044 - Add additional information to Message Tracker and SMTP Interface logs to match up message information
Bug fixes
- OCT625083 - Monitoring dashboard order is now preserved
- OCT629064 - Update ClamAv package to version 0.103.8 to resolve recently identified security vulnerabilities: CVE-2023-20032, CVE-2023-20052
__________
Kevin Boyle, Knowledge Partner
Calgary, Alberta, Canada