Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2015:0298-1

Опубликовано: 28 мая 2014
Источник: suse-cvrf

Описание

Recommended update for clamav

The antivirus scanner ClamAV has been updated to version 0.98.3, which includes the following fixes and enhancements:

* Support for common raw disk image formats using 512 byte sectors, specifically GPT, APM, and MBR partitioning. * All ClamAV sockets (clamd, freshclam, clamav-milter, clamdscan, clamdtop) now support IPV6 addresses and configuration parameters. * Use OpenSSL file hash functions for improved performance. * Improved detection of malware scripts within image files. * Miscellaneous bug fixes and documentation improvements.

Список пакетов

SUSE Linux Enterprise Desktop 11 SP3
clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-LTSS
clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-TERADATA
clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP2
clamav-0.97.8-0.2.1
SUSE Linux Enterprise Server 11 SP2-LTSS
clamav-0.97.8-0.2.1
SUSE Linux Enterprise Server 11 SP3
clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server for SAP Applications 11 SP2
clamav-0.97.8-0.2.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
clamav-0.98.3-0.11.1

Ссылки

Описание

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-LTSS:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-TERADATA:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP2-LTSS:clamav-0.97.8-0.2.1
Ссылки

Описание

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-LTSS:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-TERADATA:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP2-LTSS:clamav-0.97.8-0.2.1
Ссылки

Описание

clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-LTSS:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-TERADATA:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP2-LTSS:clamav-0.97.8-0.2.1
Ссылки

Описание

Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-LTSS:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-TERADATA:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP2-LTSS:clamav-0.97.8-0.2.1
Ссылки

Описание

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-LTSS:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-TERADATA:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP2-LTSS:clamav-0.97.8-0.2.1
Ссылки

Описание

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-LTSS:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-TERADATA:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP2-LTSS:clamav-0.97.8-0.2.1
Ссылки

Описание

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-LTSS:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-TERADATA:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP2-LTSS:clamav-0.97.8-0.2.1
Ссылки

Описание

ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-LTSS:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-TERADATA:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP2-LTSS:clamav-0.97.8-0.2.1
Ссылки

Описание

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-LTSS:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-TERADATA:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP2-LTSS:clamav-0.97.8-0.2.1
Ссылки

Описание

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-LTSS:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-TERADATA:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP2-LTSS:clamav-0.97.8-0.2.1
Ссылки

Описание

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-LTSS:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-TERADATA:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP2-LTSS:clamav-0.97.8-0.2.1
Ссылки

Описание

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-LTSS:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-TERADATA:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP2-LTSS:clamav-0.97.8-0.2.1
Ссылки

Описание

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-LTSS:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP1-TERADATA:clamav-0.98.3-0.11.1
SUSE Linux Enterprise Server 11 SP2-LTSS:clamav-0.97.8-0.2.1
Ссылки
Уязвимость SUSE-SU-2015:0298-1