Описание
Security update for clamav
This update for clamav fixes the following issues:
New version 1.4.2:
- CVE-2025-20128, bsc#1236307: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition.
-
Start clamonacc with --fdpass to avoid errors due to clamd not being able to access user files. (bsc#1232242)
-
New version 1.4.1:
-
New version 1.4.0:
- Added support for extracting ALZ archives.
- Added support for extracting LHA/LZH archives.
- Added the ability to disable image fuzzy hashing, if needed. For context, image fuzzy hashing is a detection mechanism useful for identifying malware by matching images included with the malware or phishing email/document.
- https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
-
New version 1.3.2:
- CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files.
- CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service condition.
- Removed unused Python modules from freshclam tests including deprecated 'cgi' module that is expected to cause test failures in Python 3.13.
- Fix unit test caused by expiring signing certificate.
- Fixed a build issue on Windows with newer versions of Rust. Also upgraded GitHub Actions imports to fix CI failures.
- Fixed an unaligned pointer dereference issue on select architectures.
- Fixes to Jenkins CI pipeline.
-
New Version: 1.3.1:
- CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition.
- Updated select Rust dependencies to the latest versions.
- Fixed a bug causing some text to be truncated when converting from UTF-16.
- Fixed assorted complaints identified by Coverity static analysis.
- Fixed a bug causing CVDs downloaded by the DatabaseCustomURL
- Added the new 'valhalla' database name to the list of optional databases in preparation for future work.
-
New version: 1.3.0:
- Added support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default, but may be optionally disabled.
- Added file type recognition for compiled Python ('.pyc') files.
- Improved support for decrypting PDFs with empty passwords.
- Fixed a warning when scanning some HTML files.
- ClamOnAcc: Fixed an infinite loop when a watched directory does not exist.
- ClamOnAcc: Fixed an infinite loop when a file has been deleted before a scan.
-
New version: 1.2.0:
- Added support for extracting Universal Disk Format (UDF) partitions.
- Added an option to customize the size of ClamAV's clean file cache.
- Raised the MaxScanSize limit so the total amount of data scanned when scanning a file or archive may exceed 4 gigabytes.
- Added ability for Freshclam to use a client certificate PEM file and a private key PEM file for authentication to a private mirror.
- Fix an issue extracting files from ISO9660 partitions where the files are listed in the plain ISO tree and there also exists an empty Joliet tree.
- PID and socket are now located under /run/clamav/clamd.pid and /run/clamav/clamd.sock .
- bsc#1211594: Fixed an issue where ClamAV does not abort the signature load process after partially loading an invalid signature.
-
New version 1.1.0:
- https://blog.clamav.net/2023/05/clamav-110-released.html
- Added the ability to extract images embedded in HTML CSS blocks.
- Updated to Sigtool so that the '--vba' option will extract VBA code from Microsoft Office documents the same way that libclamav extracts VBA.
- Added a new option --fail-if-cvd-older-than=days to clamscan and clamd, and FailIfCvdOlderThan to clamd.conf
- Added a new function 'cl_cvdgetage()' to the libclamav API.
- Added a new function 'cl_engine_set_clcb_vba()' to the libclamav API.
-
bsc#1180296: Integrate clamonacc as a service.
-
New version 1.0.1 LTS (including changes in 0.104 and 0.105):
- As of ClamAV 0.104, CMake is required to build ClamAV.
- As of ClamAV 0.105, Rust is now required to compile ClamAV.
- Increased the default limits for file and scan size:
- MaxScanSize: 100M to 400M
- MaxFileSize: 25M to 100M
- StreamMaxLength: 25M to 100M
- PCREMaxFileSize: 25M to 100M
- MaxEmbeddedPE: 10M to 40M
- MaxHTMLNormalize: 10M to 40M
- MaxScriptNormalize: 5M to 20M
- MaxHTMLNoTags: 2M to 8M
- Added image fuzzy hash subsignatures for logical signatures.
- Support for decrypting read-only OLE2-based XLS files that are encrypted with the default password.
- Overhauled the implementation of the all-match feature.
- Added a new callback to the public API for inspecting file content during a scan at each layer of archive extraction.
- Added a new function to the public API for unpacking CVD signature archives.
- The option to build with an external TomsFastMath library has been removed. ClamAV requires non-default build options for TomsFastMath to support bigger floating point numbers.
- For a full list of changes see the release announcements:
-
Build clamd with systemd support.
- CVE-2023-20197: Fixed a possible denial of service vulnerability in the HFS+ file parser. (bsc#1214342)
- CVE-2018-14679: Fixed that an issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There isan off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized da (bsc#1103032)
-
Package huge .html documentation in a separate subpackage.
-
Update to 0.103.7 (bsc#1202986)
- Zip parser: tolerate 2-byte overlap in file entries
- Fix bug with logical signature Intermediates feature
- Update to UnRAR v6.1.7
- Patch UnRAR: allow skipping files in solid archives
- Patch UnRAR: limit dict winsize to 1GB
-
Use a split-provides for clamav-milter instead of recommending it.
-
Package clamav-milter in a subpackage
-
Remove virus signatures upon uninstall
-
Check for database existence before starting clamd
-
Restart clamd when it exits
-
Don't daemonize freshclam, but use a systemd timer instead to trigger updates
Список пакетов
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise Server 12 SP5-LTSS
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
Ссылки
- Link for SUSE-SU-2025:0328-1
- E-Mail link for SUSE-SU-2025:0328-1
- SUSE Security Ratings
- SUSE Bug 1102840
- SUSE Bug 1103032
- SUSE Bug 1180296
- SUSE Bug 1202986
- SUSE Bug 1211594
- SUSE Bug 1214342
- SUSE Bug 1232242
- SUSE Bug 1236307
- SUSE CVE CVE-2018-14679 page
- SUSE CVE CVE-2023-20197 page
- SUSE CVE CVE-2024-20380 page
- SUSE CVE CVE-2024-20505 page
- SUSE CVE CVE-2024-20506 page
- SUSE CVE CVE-2025-20128 page
Описание
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
Затронутые продукты
Ссылки
- CVE-2018-14679
- SUSE Bug 1102922
- SUSE Bug 1103032
- SUSE Bug 1103040
Описание
A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .
Затронутые продукты
Ссылки
- CVE-2023-20197
- SUSE Bug 1214342
Описание
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
Затронутые продукты
Ссылки
- CVE-2024-20380
- SUSE Bug 1223132
Описание
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.
Затронутые продукты
Ссылки
- CVE-2024-20505
- SUSE Bug 1230161
Описание
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files. The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.
Затронутые продукты
Ссылки
- CVE-2024-20506
- SUSE Bug 1230162
Описание
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Затронутые продукты
Ссылки
- CVE-2025-20128
- SUSE Bug 1236307