Описание
Security update for clamav
This update for clamav to version 0.100.1 fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410)
- CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412)
- Buffer over-read in unRAR code due to missing max value checks in table initialization
- Libmspack heap buffer over-read in CHM parser (bsc#1103040)
- PDF parser bugs
The following other changes were made:
- Disable YARA support for licensing reasons (bsc#1101654).
- Add HTTPS support for clamsubmit
- Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15
clamav-0.100.1-3.3.1
clamav-devel-0.100.1-3.3.1
libclamav7-0.100.1-3.3.1
libclammspack0-0.100.1-3.3.1
Ссылки
- Link for SUSE-SU-2018:2230-1
- E-Mail link for SUSE-SU-2018:2230-1
- SUSE Security Ratings
- SUSE Bug 1101410
- SUSE Bug 1101412
- SUSE Bug 1101654
- SUSE Bug 1103040
- SUSE CVE CVE-2018-0360 page
- SUSE CVE CVE-2018-0361 page
Описание
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:clamav-0.100.1-3.3.1
SUSE Linux Enterprise Module for Basesystem 15:clamav-devel-0.100.1-3.3.1
SUSE Linux Enterprise Module for Basesystem 15:libclamav7-0.100.1-3.3.1
SUSE Linux Enterprise Module for Basesystem 15:libclammspack0-0.100.1-3.3.1
Ссылки
- CVE-2018-0360
- SUSE Bug 1101410
- SUSE Bug 1103091
- SUSE Bug 1103092
- SUSE Bug 1103099
Описание
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:clamav-0.100.1-3.3.1
SUSE Linux Enterprise Module for Basesystem 15:clamav-devel-0.100.1-3.3.1
SUSE Linux Enterprise Module for Basesystem 15:libclamav7-0.100.1-3.3.1
SUSE Linux Enterprise Module for Basesystem 15:libclammspack0-0.100.1-3.3.1
Ссылки
- CVE-2018-0361
- SUSE Bug 1101410
- SUSE Bug 1101412
- SUSE Bug 1103091
- SUSE Bug 1103092
- SUSE Bug 1103099