SUSE-SU-2015:0882-1

Published: May 11, 2015
Source: suse-cvrf

Description

Security update for clamav

The ClamAV antivirus engine was updated to version 0.98.7 to fix several security and non-security issues.

The following vulnerabilities were fixed (bsc#929192):

  • CVE-2015-2170: Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian Andrzej Siewior.
  • CVE-2015-2221: Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior.
  • CVE-2015-2222: Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior.
  • CVE-2015-2668: Fix an infinite loop condition on a crafted 'xz' archive file. This was reported by Dimitri Kirchner and Goulven Guiheux.
  • CVE-2015-2305: Apply upstream patch for possible heap overflow in Henry Spencer's regex library.

Package list

SUSE Linux Enterprise Server 12
clamav-0.98.7-13.1
SUSE Linux Enterprise Server for SAP Applications 12
clamav-0.98.7-13.1

Description

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.


Affected products
SUSE Linux Enterprise Server 12:clamav-0.98.7-13.1
SUSE Linux Enterprise Server for SAP Applications 12:clamav-0.98.7-13.1

Description

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.


Affected products
SUSE Linux Enterprise Server 12:clamav-0.98.7-13.1
SUSE Linux Enterprise Server for SAP Applications 12:clamav-0.98.7-13.1

Description

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.


Affected products
SUSE Linux Enterprise Server 12:clamav-0.98.7-13.1
SUSE Linux Enterprise Server for SAP Applications 12:clamav-0.98.7-13.1

Description

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.


Affected products
SUSE Linux Enterprise Server 12:clamav-0.98.7-13.1
SUSE Linux Enterprise Server for SAP Applications 12:clamav-0.98.7-13.1

Description

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.


Affected products
SUSE Linux Enterprise Server 12:clamav-0.98.7-13.1
SUSE Linux Enterprise Server for SAP Applications 12:clamav-0.98.7-13.1
