Описание
Security update for clamav
This update for clamav fixes the following issues:
-
CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032).
-
Update to 0.103.4 (bsc#1192346).
-
Update to 0.103.3 (bsc#1188284).
Список пакетов
HPE Helion OpenStack 8
clamav-0.103.4-33.41.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
clamav-0.103.4-33.41.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
clamav-0.103.4-33.41.1
SUSE Linux Enterprise Server 12 SP2-BCL
clamav-0.103.4-33.41.1
SUSE Linux Enterprise Server 12 SP3-BCL
clamav-0.103.4-33.41.1
SUSE Linux Enterprise Server 12 SP3-LTSS
clamav-0.103.4-33.41.1
SUSE Linux Enterprise Server 12 SP4-LTSS
clamav-0.103.4-33.41.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
clamav-0.103.4-33.41.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
clamav-0.103.4-33.41.1
SUSE OpenStack Cloud 8
clamav-0.103.4-33.41.1
SUSE OpenStack Cloud 9
clamav-0.103.4-33.41.1
SUSE OpenStack Cloud Crowbar 8
clamav-0.103.4-33.41.1
SUSE OpenStack Cloud Crowbar 9
clamav-0.103.4-33.41.1
Ссылки
- Link for SUSE-SU-2021:3859-1
- E-Mail link for SUSE-SU-2021:3859-1
- SUSE Security Ratings
- SUSE Bug 1103032
- SUSE Bug 1188284
- SUSE Bug 1192346
- SUSE CVE CVE-2018-14679 page
Описание
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
Затронутые продукты
HPE Helion OpenStack 8:clamav-0.103.4-33.41.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:clamav-0.103.4-33.41.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:clamav-0.103.4-33.41.1
SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.4-33.41.1
Ссылки
- CVE-2018-14679
- SUSE Bug 1102922
- SUSE Bug 1103032
- SUSE Bug 1103040