OVAL Reference oval:org.opensuse.security:def:51098

Oval Definition:

oval:org.opensuse.security:def:51098

Revision Date:	2020-12-22	Version:	1
Title:	Security update for clamav (Important)
Description:	This update for clamav fixes the following issues: clamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459. clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no. * Fix clamav-milter.service (requires clamd.service to run) * bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode. * Partial sync with SLE15. Update to version 0.102.4 Accumulated security fixes: CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. (bsc#1174250) * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. (bsc#1171981) * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. (bsc#1157763). * CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504) Update to version 0.101.3: ZIP bomb causes extreme CPU spikes (bsc#1144504) Update to version 0.101.2 (bsc#1118459): Support for RAR v5 archive extraction. * Incompatible changes to the arguments of cl_scandesc, cl_scandesc_callback, and cl_scanmap_callback. * Scanning options have been converted from a single flag bit-field into a structure of multiple categorized flag bit-fields. * The CL_SCAN_HEURISTIC_ENCRYPTED scan option was replaced by 2 new scan options: CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE, and CL_SCAN_HEURISTIC_ENCRYPTED_DOC * Incompatible clamd.conf and command line interface changes. * Heuristic Alerts' (aka 'Algorithmic Detection') options have been changed to make the names more consistent. The original options are deprecated in 0.101, and will be removed in a future feature release. * For details, see https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html
Family:	unix	Class:	patch
Status:		Reference(s):	1013712 1018371 1046299 1046303 1046305 1050244 1050536 1050545 1051510 1055186 1061840 1064802 1065600 1065697 1066129 1073513 1082635 1083647 1085240 1086323 1087092 1089644 1090631 1093205 1095508 1096254 1097583 1097584 1097585 1097586 1097587 1097588 1098291 1101674 1108630 1108631 1108632 1109158 1109465 1114279 1117473 1117665 1118459 1119353 1119461 1119465 1123034 1123080 1123304 1123482 1124525 1125401 1127820 1127821 1127822 1133140 1133810 1134303 1135642 1135854 1135873 1135967 1136446 1137040 1137597 1137799 1138190 1138688 1140090 1140709 1140729 1140747 1140845 1140868 1140883 1141322 1141600 1142635 1142667 1143706 1144338 1144375 1144449 1144504 1144903 1145099 1145665 1146612 1148410 1149119 1149292 1149293 1149294 1149295 1149296 1149297 1149298 1149299 1149302 1149303 1149304 1149323 1149458 1150452 1150457 1150465 1150875 1151508 1152624 1152685 1152782 1152788 1152791 1153112 1153158 1153236 1153263 1153476 1153509 1153646 1153681 1153713 1153717 1153718 1153719 1153811 1153969 1154108 1154189 1154354 1154372 1154578 1154607 1154608 1154610 1154611 1154651 1154737 1154747 1154848 1154858 1154905 1154956 1155178 1155179 1155184 1155186 1155671 1155692 1155784 1155836 1155982 1156187 1157763 1158709 1158798 1159692 1163985 1169740 1171355 1171981 1172651 1173334 1174154 1174250 1174255 1174662 1177513 1177729 1178003 1178264 1178611 992038 CVE-2008-4316 CVE-2009-1892 CVE-2010-2156 CVE-2010-3611 CVE-2010-3616 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 CVE-2011-0413 CVE-2011-0997 CVE-2011-2748 CVE-2011-2749 CVE-2011-2896 CVE-2011-4539 CVE-2011-4868 CVE-2012-3236 CVE-2012-3524 CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 CVE-2012-3955 CVE-2012-5576 CVE-2013-2266 CVE-2016-10030 CVE-2016-9798 CVE-2017-1000405 CVE-2017-15566 CVE-2018-10995 CVE-2018-12178 CVE-2018-12180 CVE-2018-12207 CVE-2018-17096 CVE-2018-17097 CVE-2018-17098 CVE-2018-3630 CVE-2018-7033 CVE-2018-8956 CVE-2019-10220 CVE-2019-11135 CVE-2019-11477 CVE-2019-11478 CVE-2019-11710 CVE-2019-11714 CVE-2019-11716 CVE-2019-11718 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11733 CVE-2019-11735 CVE-2019-11736 CVE-2019-11738 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-12838 CVE-2019-12900 CVE-2019-15961 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-16995 CVE-2019-17055 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-18805 CVE-2019-19727 CVE-2019-19728 CVE-2019-3846 CVE-2019-6438 CVE-2019-9811 CVE-2019-9812 CVE-2020-0430 CVE-2020-11868 CVE-2020-12351 CVE-2020-13817 CVE-2020-15025 CVE-2020-15719 CVE-2020-1720 CVE-2020-25645 CVE-2020-26950 CVE-2020-3123 CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3481 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 SUSE-SU-2018:3610-1 SUSE-SU-2019:0580-1 SUSE-SU-2019:2545-1 SUSE-SU-2019:2951-1 SUSE-SU-2019:3046-1 SUSE-SU-2020:0443-1 SUSE-SU-2020:0752-1 SUSE-SU-2020:1823-1 SUSE-SU-2020:2198-1 SUSE-SU-2020:3449-1 SUSE-SU-2020:3918-1
Platform(s):	SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for High Performance Computing 15 SP1 SUSE Linux Enterprise Module for Legacy Software 15 SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Workstation Extension 15 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8	Product(s):
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information MozillaFirefox-38.5.0esr-28 is installed OR MozillaFirefox-translations-38.5.0esr-28 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information flash-player-11.2.202.577-0.38 is installed OR flash-player-gnome-11.2.202.577-0.38 is installed OR flash-player-kde4-11.2.202.577-0.38 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 is installed AND Package Information dhcp-4.2.6-7 is installed OR dhcp-client-4.2.6-7 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND dracut-037-66 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information MozillaFirefox-45.4.0esr-81 is installed OR MozillaFirefox-translations-45.4.0esr-81 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information bind-libs-9.9.9P1-62 is installed OR bind-libs-32bit-9.9.9P1-62 is installed OR bind-utils-9.9.9P1-62 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information apparmor-docs-2.8.2-49 is installed OR apparmor-parser-2.8.2-49 is installed OR apparmor-profiles-2.8.2-49 is installed OR apparmor-utils-2.8.2-49 is installed OR libapparmor1-2.8.2-49 is installed OR libapparmor1-32bit-2.8.2-49 is installed OR pam_apparmor-2.8.2-49 is installed OR pam_apparmor-32bit-2.8.2-49 is installed OR perl-apparmor-2.8.2-49 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Desktop Applications 15 is installed AND Package Information libSoundTouch0-1.8.0-3.6 is installed OR soundtouch-1.8.0-3.6 is installed OR soundtouch-devel-1.8.0-3.6 is installed
Definition Synopsis
SUSE Linux Enterprise Module for High Performance Computing 15 SP1 is installed AND Package Information pdsh-2.33-7.6 is installed OR pdsh-dshgroup-2.33-7.6 is installed OR pdsh-genders-2.33-7.6 is installed OR pdsh-machines-2.33-7.6 is installed OR pdsh-netgroup-2.33-7.6 is installed OR pdsh-slurm-2.33-7.6 is installed OR pdsh-slurm_18_08-2.33-7.6 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Legacy Software 15 SP1 is installed AND ntp-4.2.8p15-4.10 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-livepatch-4_12_14-25_16-default-7-2 is installed OR kernel-livepatch-SLE15_Update_4-7-2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed AND Package Information openldap2-2.4.46-9.34 is installed OR openldap2-back-sock-2.4.46-9.34 is installed OR openldap2-back-sql-2.4.46-9.34 is installed OR openldap2-contrib-2.4.46-9.34 is installed OR openldap2-doc-2.4.46-9.34 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Public Cloud 15 is installed AND Package Information kernel-azure-4.12.14-5.44 is installed OR kernel-azure-base-4.12.14-5.44 is installed OR kernel-azure-devel-4.12.14-5.44 is installed OR kernel-devel-azure-4.12.14-5.44 is installed OR kernel-source-azure-4.12.14-5.44 is installed OR kernel-syms-azure-4.12.14-5.44 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information ovmf-2017+git1510945757.b2662641d5-5.14 is installed OR ovmf-tools-2017+git1510945757.b2662641d5-5.14 is installed OR qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.14 is installed OR qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.14 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed AND Package Information libecpg6-10.12-8.9 is installed OR postgresql10-10.12-8.9 is installed OR postgresql10-contrib-10.12-8.9 is installed OR postgresql10-devel-10.12-8.9 is installed OR postgresql10-docs-10.12-8.9 is installed OR postgresql10-plperl-10.12-8.9 is installed OR postgresql10-plpython-10.12-8.9 is installed OR postgresql10-pltcl-10.12-8.9 is installed OR postgresql10-server-10.12-8.9 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information perl-5.18.2-11 is installed OR perl-32bit-5.18.2-11 is installed OR perl-base-5.18.2-11 is installed OR perl-doc-5.18.2-11 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_88-default-3-2 is installed OR kgraft-patch-3_12_74-60_64_88-xen-3-2 is installed OR kgraft-patch-SLE12-SP1_Update_27-3-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information evince-3.20.1-5 is installed OR evince-browser-plugin-3.20.1-5 is installed OR evince-lang-3.20.1-5 is installed OR evince-plugin-djvudocument-3.20.1-5 is installed OR evince-plugin-dvidocument-3.20.1-5 is installed OR evince-plugin-pdfdocument-3.20.1-5 is installed OR evince-plugin-psdocument-3.20.1-5 is installed OR evince-plugin-tiffdocument-3.20.1-5 is installed OR evince-plugin-xpsdocument-3.20.1-5 is installed OR libevdocument3-4-3.20.1-5 is installed OR libevview3-3-3.20.1-5 is installed OR nautilus-evince-3.20.1-5 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information openslp-2.0.0-18.15 is installed OR openslp-32bit-2.0.0-18.15 is installed OR openslp-server-2.0.0-18.15 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information libopenssl-devel-1.0.2j-60.30 is installed OR libopenssl1_0_0-1.0.2j-60.30 is installed OR libopenssl1_0_0-32bit-1.0.2j-60.30 is installed OR libopenssl1_0_0-hmac-1.0.2j-60.30 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.30 is installed OR openssl-1.0.2j-60.30 is installed OR openssl-doc-1.0.2j-60.30 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information java-1_8_0-openjdk-1.8.0.171-27.19 is installed OR java-1_8_0-openjdk-demo-1.8.0.171-27.19 is installed OR java-1_8_0-openjdk-devel-1.8.0.171-27.19 is installed OR java-1_8_0-openjdk-headless-1.8.0.171-27.19 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information bind-9.9.9P1-62 is installed OR bind-chrootenv-9.9.9P1-62 is installed OR bind-doc-9.9.9P1-62 is installed OR bind-libs-9.9.9P1-62 is installed OR bind-libs-32bit-9.9.9P1-62 is installed OR bind-utils-9.9.9P1-62 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libpython3_4m1_0-3.4.6-25.29 is installed OR python3-3.4.6-25.29 is installed OR python3-base-3.4.6-25.29 is installed OR python3-curses-3.4.6-25.29 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_156-94_64-default-7-2 is installed OR kgraft-patch-SLE12-SP3_Update_20-7-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_162-94_69-default-6-2 is installed OR kgraft-patch-SLE12-SP3_Update_21-6-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND libcares2-1.9.1-9.4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information expat-2.1.0-21.3 is installed OR libexpat1-2.1.0-21.3 is installed OR libexpat1-32bit-2.1.0-21.3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 15-LTSS is installed AND Package Information libjavascriptcoregtk-4_0-18-2.28.4-3.60 is installed OR libwebkit2gtk-4_0-37-2.28.4-3.60 is installed OR libwebkit2gtk3-lang-2.28.4-3.60 is installed OR webkit2gtk-4_0-injected-bundles-2.28.4-3.60 is installed OR webkit2gtk3-2.28.4-3.60 is installed OR webkit2gtk3-devel-2.28.4-3.60 is installed
Definition Synopsis
SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed AND clamav-0.103.0-33.32.1 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information bluez-5.48-5.19 is installed OR bluez-cups-5.48-5.19 is installed
Definition Synopsis
SUSE OpenStack Cloud 6 is installed AND Package Information ruby2.1-rubygem-chef-10.32.2-3 is installed OR ruby2.1-rubygem-chef-expander-10.32.2-1 is installed OR ruby2.1-rubygem-chef-server-10.32.2-1 is installed OR ruby2.1-rubygem-chef-server-api-10.32.2-4 is installed OR ruby2.1-rubygem-chef-solr-10.32.2-1 is installed OR rubygem-chef-10.32.2-3 is installed OR rubygem-chef-expander-10.32.2-1 is installed OR rubygem-chef-server-api-10.32.2-4 is installed OR rubygem-chef-solr-10.32.2-1 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND python-oslo.middleware-3.19.0-3 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND Package Information ardana-monasca-8.0+git.1535031421.9262a47-3.12 is installed OR ardana-spark-8.0+git.1534267176.a5f3a22-3.6 is installed OR kafka-0.10.2.2-5.6 is installed OR openstack-monasca-api-2.2.1~dev24-3.6 is installed OR python-monasca-api-2.2.1~dev24-3.6 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information mariadb-10.2.22-4.11 is installed OR mariadb-client-10.2.22-4.11 is installed OR mariadb-errormessages-10.2.22-4.11 is installed OR mariadb-galera-10.2.22-4.11 is installed OR mariadb-tools-10.2.22-4.11 is installed

BACK