Описание
Security update for clamav
This update for clamav fixes the following issues:
- CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as (bsc#1157763).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15
clamav-0.100.3-3.17.2
clamav-devel-0.100.3-3.17.2
libclamav7-0.100.3-3.17.2
libclammspack0-0.100.3-3.17.2
SUSE Linux Enterprise Module for Basesystem 15 SP1
clamav-0.100.3-3.17.2
clamav-devel-0.100.3-3.17.2
libclamav7-0.100.3-3.17.2
libclammspack0-0.100.3-3.17.2
Ссылки
- Link for SUSE-SU-2019:3176-1
- E-Mail link for SUSE-SU-2019:3176-1
- SUSE Security Ratings
- SUSE Bug 1157763
- SUSE CVE CVE-2019-15961 page
Описание
A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-0.100.3-3.17.2
SUSE Linux Enterprise Module for Basesystem 15 SP1:clamav-devel-0.100.3-3.17.2
SUSE Linux Enterprise Module for Basesystem 15 SP1:libclamav7-0.100.3-3.17.2
SUSE Linux Enterprise Module for Basesystem 15 SP1:libclammspack0-0.100.3-3.17.2
Ссылки
- CVE-2019-15961
- SUSE Bug 1157763
- SUSE Bug 1180082