Description
Security update for clamav
This update for clamav to version 0.100.1 fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410)
- CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412)
- CVE-2018-1000085: Fixed an out-of-bounds heap read in XAR parser (bsc#1082858)
- CVE-2018-14679: Libmspack heap buffer over-read in CHM parser (bsc#1103040)
- Buffer over-read in unRAR code due to missing max value checks in table initialization
- PDF parser bugs
The following other changes were made:
- Disable YARA support for licensing reasons (bsc#1101654).
- Add HTTPS support for clamsubmit
- Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only
Package list
SUSE Enterprise Storage 4
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE OpenStack Cloud 7
References
- Link for SUSE-SU-2018:2323-1
- E-Mail link for SUSE-SU-2018:2323-1
- SUSE Security Ratings
- SUSE Bug 1082858
- SUSE Bug 1101410
- SUSE Bug 1101412
- SUSE Bug 1101654
- SUSE Bug 1103040
- SUSE CVE CVE-2018-0360 page
- SUSE CVE CVE-2018-0361 page
- SUSE CVE CVE-2018-1000085 page
- SUSE CVE CVE-2018-14679 page
Description
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
Affected products
References
- CVE-2018-0360
- SUSE Bug 1101410
- SUSE Bug 1103091
- SUSE Bug 1103092
- SUSE Bug 1103099
Description
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
Affected products
References
- CVE-2018-0361
- SUSE Bug 1101410
- SUSE Bug 1101412
- SUSE Bug 1103091
- SUSE Bug 1103092
- SUSE Bug 1103099
Description
ClamAV version 0.99.3 contains an out-of-bounds heap memory read vulnerability in the XAR parser, in the function xar_hash_check(), that can result in leaking of memory and may help in developing exploit chains. This attack appears to be exploitable when the victim scans a crafted XAR file. This vulnerability appears to have been fixed after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6.
Affected products
References
- CVE-2018-1000085
- SUSE Bug 1082858
- SUSE Bug 1083915
Description
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
Affected products
References
- CVE-2018-14679
- SUSE Bug 1102922
- SUSE Bug 1103032
- SUSE Bug 1103040