SUSE-SU-2019:3177-1

Опубликовано: 05 дек. 2019

Источник: suse-cvrf

Описание

Security update for clamav

This update for clamav fixes the following issues:

CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as (bsc#1157763).

Список пакетов

HPE Helion OpenStack 8

clamav-0.100.3-33.29.1

SUSE Enterprise Storage 5

clamav-0.100.3-33.29.1

SUSE Linux Enterprise Desktop 12 SP4

clamav-0.100.3-33.29.1

SUSE Linux Enterprise Server 12 SP1-LTSS

clamav-0.100.3-33.29.1

SUSE Linux Enterprise Server 12 SP2-BCL

clamav-0.100.3-33.29.1

SUSE Linux Enterprise Server 12 SP2-LTSS

clamav-0.100.3-33.29.1

SUSE Linux Enterprise Server 12 SP3-BCL

clamav-0.100.3-33.29.1

SUSE Linux Enterprise Server 12 SP3-LTSS

clamav-0.100.3-33.29.1

SUSE Linux Enterprise Server 12 SP4

clamav-0.100.3-33.29.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1

clamav-0.100.3-33.29.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

clamav-0.100.3-33.29.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

clamav-0.100.3-33.29.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

clamav-0.100.3-33.29.1

SUSE OpenStack Cloud 7

clamav-0.100.3-33.29.1

SUSE OpenStack Cloud 8

clamav-0.100.3-33.29.1

SUSE OpenStack Cloud Crowbar 8

clamav-0.100.3-33.29.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20193177-1/
Link for SUSE-SU-2019:3177-1
https://lists.suse.com/pipermail/sle-security-updates/2019-December/006210.html
E-Mail link for SUSE-SU-2019:3177-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1157763
SUSE Bug 1157763
https://www.suse.com/security/cve/CVE-2019-15961/
SUSE CVE CVE-2019-15961 page

Описание

A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.

Затронутые продукты

HPE Helion OpenStack 8:clamav-0.100.3-33.29.1

SUSE Enterprise Storage 5:clamav-0.100.3-33.29.1

SUSE Linux Enterprise Desktop 12 SP4:clamav-0.100.3-33.29.1

SUSE Linux Enterprise Server 12 SP1-LTSS:clamav-0.100.3-33.29.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-15961.html
CVE-2019-15961
https://bugzilla.suse.com/1157763
SUSE Bug 1157763
https://bugzilla.suse.com/1180082
SUSE Bug 1180082

SUSE-SU-2019:3177-1

Описание

Список пакетов

HPE Helion OpenStack 8

SUSE Enterprise Storage 5

SUSE Linux Enterprise Desktop 12 SP4

SUSE Linux Enterprise Server 12 SP1-LTSS

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP2-LTSS

SUSE Linux Enterprise Server 12 SP3-BCL

SUSE Linux Enterprise Server 12 SP3-LTSS

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE OpenStack Cloud 7

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud Crowbar 8

Ссылки

Уязвимость: CVE-2019-15961

Описание

Затронутые продукты

Ссылки