Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2018:3315-1

Опубликовано: 23 окт. 2018
Источник: suse-cvrf

Описание

Security update for clamav

This update for clamav fixes the following issues:

clamav was updated to version 0.100.2.

Following security issues were fixed:

  • CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723)
  • CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040)

Following non-security issues were addressed:

  • Make freshclam more robust against lagging signature mirrors.
  • On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048
  • Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457)

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0
clamav-0.100.2-lp150.2.6.1
clamav-devel-0.100.2-lp150.2.6.1
libclamav7-0.100.2-lp150.2.6.1
libclammspack0-0.100.2-lp150.2.6.1

Ссылки

Описание

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

Затронутые продукты
openSUSE Leap 15.0:clamav-0.100.2-lp150.2.6.1
openSUSE Leap 15.0:clamav-devel-0.100.2-lp150.2.6.1
openSUSE Leap 15.0:libclamav7-0.100.2-lp150.2.6.1
openSUSE Leap 15.0:libclammspack0-0.100.2-lp150.2.6.1
Ссылки

Описание

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.

Затронутые продукты
openSUSE Leap 15.0:clamav-0.100.2-lp150.2.6.1
openSUSE Leap 15.0:clamav-devel-0.100.2-lp150.2.6.1
openSUSE Leap 15.0:libclamav7-0.100.2-lp150.2.6.1
openSUSE Leap 15.0:libclammspack0-0.100.2-lp150.2.6.1
Ссылки

Описание

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

Затронутые продукты
openSUSE Leap 15.0:clamav-0.100.2-lp150.2.6.1
openSUSE Leap 15.0:clamav-devel-0.100.2-lp150.2.6.1
openSUSE Leap 15.0:libclamav7-0.100.2-lp150.2.6.1
openSUSE Leap 15.0:libclammspack0-0.100.2-lp150.2.6.1
Ссылки

Описание

A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.

Затронутые продукты
openSUSE Leap 15.0:clamav-0.100.2-lp150.2.6.1
openSUSE Leap 15.0:clamav-devel-0.100.2-lp150.2.6.1
openSUSE Leap 15.0:libclamav7-0.100.2-lp150.2.6.1
openSUSE Leap 15.0:libclammspack0-0.100.2-lp150.2.6.1
Ссылки
Уязвимость openSUSE-SU-2018:3315-1