Описание
Security update for clamav
This update for clamav to version 0.100.1 fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410)
- CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412)
- Buffer over-read in unRAR code due to missing max value checks in table initialization
- Libmspack heap buffer over-read in CHM parser (bsc#1103040)
- PDF parser bugs
The following other changes were made:
- Disable YARA support for licensing reasons (bsc#1101654).
- Add HTTPS support for clamsubmit
- Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
clamav-0.100.1-lp150.2.3.1
clamav-devel-0.100.1-lp150.2.3.1
libclamav7-0.100.1-lp150.2.3.1
libclammspack0-0.100.1-lp150.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2018:2259-1
- SUSE Security Ratings
Описание
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
Затронутые продукты
openSUSE Leap 15.0:clamav-0.100.1-lp150.2.3.1
openSUSE Leap 15.0:clamav-devel-0.100.1-lp150.2.3.1
openSUSE Leap 15.0:libclamav7-0.100.1-lp150.2.3.1
openSUSE Leap 15.0:libclammspack0-0.100.1-lp150.2.3.1
Ссылки
- CVE-2018-0360
- SUSE Bug 1101410
- SUSE Bug 1103091
- SUSE Bug 1103092
- SUSE Bug 1103099
Описание
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
Затронутые продукты
openSUSE Leap 15.0:clamav-0.100.1-lp150.2.3.1
openSUSE Leap 15.0:clamav-devel-0.100.1-lp150.2.3.1
openSUSE Leap 15.0:libclamav7-0.100.1-lp150.2.3.1
openSUSE Leap 15.0:libclammspack0-0.100.1-lp150.2.3.1
Ссылки
- CVE-2018-0361
- SUSE Bug 1101410
- SUSE Bug 1101412
- SUSE Bug 1103091
- SUSE Bug 1103092
- SUSE Bug 1103099