Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:0861-1

Опубликовано: 03 апр. 2019
Источник: suse-cvrf

Описание

Security update for clamav

This update for clamav to version 0.100.3 fixes the following issues:

Security issues fixed (bsc#1130721):

  • CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents.
  • CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files).
  • CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents.

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15
clamav-0.100.3-3.9.1
clamav-devel-0.100.3-3.9.1
libclamav7-0.100.3-3.9.1
libclammspack0-0.100.3-3.9.1

Ссылки

Описание

A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:clamav-0.100.3-3.9.1
SUSE Linux Enterprise Module for Basesystem 15:clamav-devel-0.100.3-3.9.1
SUSE Linux Enterprise Module for Basesystem 15:libclamav7-0.100.3-3.9.1
SUSE Linux Enterprise Module for Basesystem 15:libclammspack0-0.100.3-3.9.1
Ссылки

Описание

A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:clamav-0.100.3-3.9.1
SUSE Linux Enterprise Module for Basesystem 15:clamav-devel-0.100.3-3.9.1
SUSE Linux Enterprise Module for Basesystem 15:libclamav7-0.100.3-3.9.1
SUSE Linux Enterprise Module for Basesystem 15:libclammspack0-0.100.3-3.9.1
Ссылки

Описание

ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:clamav-0.100.3-3.9.1
SUSE Linux Enterprise Module for Basesystem 15:clamav-devel-0.100.3-3.9.1
SUSE Linux Enterprise Module for Basesystem 15:libclamav7-0.100.3-3.9.1
SUSE Linux Enterprise Module for Basesystem 15:libclammspack0-0.100.3-3.9.1
Ссылки