Описание
Security update for clamav
This update for clamav fixes the following issues:
clamav was updated to version 0.100.2:
-
CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723)
-
CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040)
-
Make freshclam more robust against lagging signature mirrors.
-
On-Access 'Extra Scanning', an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048
-
Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457).
Список пакетов
SUSE Linux Enterprise Server for SAP Applications 12 SP1
Ссылки
- Link for SUSE-SU-2018:3436-2
- E-Mail link for SUSE-SU-2018:3436-2
- SUSE Security Ratings
- SUSE Bug 1103040
- SUSE Bug 1104457
- SUSE Bug 1110723
- SUSE CVE CVE-2018-14680 page
- SUSE CVE CVE-2018-14681 page
- SUSE CVE CVE-2018-14682 page
- SUSE CVE CVE-2018-15378 page
Описание
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
Затронутые продукты
Ссылки
- CVE-2018-14680
- SUSE Bug 1102922
- SUSE Bug 1103032
- SUSE Bug 1103040
Описание
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
Затронутые продукты
Ссылки
- CVE-2018-14681
- SUSE Bug 1102922
- SUSE Bug 1103032
- SUSE Bug 1103040
Описание
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
Затронутые продукты
Ссылки
- CVE-2018-14682
- SUSE Bug 1102922
- SUSE Bug 1103032
- SUSE Bug 1103040
Описание
A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.
Затронутые продукты
Ссылки
- CVE-2018-15378
- SUSE Bug 1110723