Описание
Security update for clamav
This update for clamav fixes the following issues:
-
CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032).
-
Update to 0.103.4 (bsc#1192346).
-
Add documentation about max file size purpose and side effect in the 'clamscan' and 'clamdscan' manpages (bsc#1187509).
-
Update to 0.103.3 (bsc#1188284).
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
clamav-0.103.4-0.20.41.1
SUSE Linux Enterprise Server 11 SP4-LTSS
clamav-0.103.4-0.20.41.1
SUSE Linux Enterprise Server 11-SECURITY
clamav-openssl1-0.103.4-0.20.41.1
Ссылки
- Link for SUSE-SU-2021:14850-1
- E-Mail link for SUSE-SU-2021:14850-1
- SUSE Security Ratings
- SUSE Bug 1103032
- SUSE Bug 1187509
- SUSE Bug 1188284
- SUSE Bug 1192346
- SUSE CVE CVE-2018-14679 page
Описание
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:clamav-0.103.4-0.20.41.1
SUSE Linux Enterprise Server 11 SP4-LTSS:clamav-0.103.4-0.20.41.1
SUSE Linux Enterprise Server 11-SECURITY:clamav-openssl1-0.103.4-0.20.41.1
Ссылки
- CVE-2018-14679
- SUSE Bug 1102922
- SUSE Bug 1103032
- SUSE Bug 1103040