| Revision Date: | 2015-02-23 | Version: | 3 |
| Title: | SUSE-SU-2014:1574-1 -- Security update for clamav (important) |
| Description: | clamav was updated to version 0.98.5 to fix three security issues andseveral non-security issues.These security issues have been fixed: * Crash when scanning maliciously crafted yoda's crypter files (CVE-2013-6497). * Heap-based buffer overflow when scanning crypted PE files (CVE-2014-9050). * Crash when using 'clamscan -a'.These non-security issues have been fixed: * Support for the XDP file format and extracting, decoding, and scanning PDF files within XDP files. * Addition of shared library support for LLVM versions 3.1 - 3.5 for the purpose of just-in-time(JIT) compilation of ClamAV bytecode signatures. * Enhancements to the clambc command line utility to assist ClamAV bytecode signature authors by providing introspection into compiled bytecode programs. * Resolution of many of the warning messages from ClamAV compilation. * Improved detection of malicious PE files. * ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode (bnc#904207). * Fix server socket setup code in clamd (bnc#903489). * Change updateclamconf to prefer the state of the old config file even for commented-out options (bnc#903719). * Fix infinite loop in clamdscan when clamd is not running. * Fix buffer underruns when handling multi-part MIME email attachments. * Fix configuration of OpenSSL on various platforms. * Fix linking issues with libclamunrar.Security Issues: * CVE-2013-6497 * CVE-2014-9050 |
| Family: | unix | Class: | patch |
| Status: | ACCEPTED | Reference(s): | CVE-2013-6497
CVE-2014-9050
SUSE-SU-2014:1574-1
|
| Platform(s): | SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 11
| Product(s): | clamav
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section
SUSE Linux Enterprise Server 11.x is installed
OR SUSE Linux Enterprise Desktop 11.x is installed
AND clamav is earlier than 0:0.98.5-0.5.1
SUSE Linux Enterprise Server 10 release section
SUSE Linux Enterprise Server 10 is installed
AND clamav is earlier than 0:0.98.5-0.7.1
|