OVAL Reference oval:org.opensuse.security:def:55134

Oval Definition:

oval:org.opensuse.security:def:55134

Revision Date:	2020-12-22	Version:	1
Title:	Security update for clamav (Important)
Description:	This update for clamav fixes the following issues: clamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459. clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no. * Fix clamav-milter.service (requires clamd.service to run) * bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode. * Partial sync with SLE15. Update to version 0.102.4 Accumulated security fixes: CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. (bsc#1174250) * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. (bsc#1171981) * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. (bsc#1157763). * CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504) Update to version 0.101.3: ZIP bomb causes extreme CPU spikes (bsc#1144504) Update to version 0.101.2 (bsc#1118459): Support for RAR v5 archive extraction. * Incompatible changes to the arguments of cl_scandesc, cl_scandesc_callback, and cl_scanmap_callback. * Scanning options have been converted from a single flag bit-field into a structure of multiple categorized flag bit-fields. * The CL_SCAN_HEURISTIC_ENCRYPTED scan option was replaced by 2 new scan options: CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE, and CL_SCAN_HEURISTIC_ENCRYPTED_DOC * Incompatible clamd.conf and command line interface changes. * Heuristic Alerts' (aka 'Algorithmic Detection') options have been changed to make the names more consistent. The original options are deprecated in 0.101, and will be removed in a future feature release. * For details, see https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html
Family:	unix	Class:	patch
Status:		Reference(s):	1002573 1020950 1024749 1046637 1047675 1048920 1049578 1050469 1051787 1051788 1052686 1053431 1056126 1056127 1056128 1056129 1056131 1056132 1056136 1065274 1066892 1069925 1070615 1073654 1075419 1092885 1104789 1110018 1113534 1113652 1118459 1119353 1125401 1128525 1144504 1149458 1156015 1157763 1171981 1174250 1174255 859055 861847 880735 880737 880738 953516 953521 983273 CVE-2004-2771 CVE-2013-6487 CVE-2014-1477 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 CVE-2014-3775 CVE-2014-7844 CVE-2014-9756 CVE-2015-7805 CVE-2015-8899 CVE-2016-4692 CVE-2016-4743 CVE-2016-7586 CVE-2016-7587 CVE-2016-7589 CVE-2016-7592 CVE-2016-7598 CVE-2016-7599 CVE-2016-7610 CVE-2016-7623 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639 CVE-2016-7641 CVE-2016-7645 CVE-2016-7652 CVE-2016-7654 CVE-2016-7656 CVE-2016-8610 CVE-2016-9811 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10116 CVE-2017-10125 CVE-2017-10243 CVE-2017-10664 CVE-2017-10806 CVE-2017-11334 CVE-2017-11434 CVE-2017-12135 CVE-2017-12137 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 CVE-2017-13734 CVE-2017-13788 CVE-2017-13798 CVE-2017-13803 CVE-2017-13856 CVE-2017-13866 CVE-2017-13870 CVE-2017-15088 CVE-2017-2350 CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2362 CVE-2017-2363 CVE-2017-2364 CVE-2017-2365 CVE-2017-2366 CVE-2017-2369 CVE-2017-2371 CVE-2017-2373 CVE-2017-2496 CVE-2017-2510 CVE-2017-2539 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-5837 CVE-2017-5844 CVE-2017-7006 CVE-2017-7011 CVE-2017-7012 CVE-2017-7018 CVE-2017-7019 CVE-2017-7020 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7038 CVE-2017-7039 CVE-2017-7040 CVE-2017-7041 CVE-2017-7042 CVE-2017-7043 CVE-2017-7046 CVE-2017-7048 CVE-2017-7049 CVE-2017-7052 CVE-2017-7055 CVE-2017-7056 CVE-2017-7059 CVE-2017-7061 CVE-2017-7064 CVE-2017-7081 CVE-2017-7087 CVE-2017-7089 CVE-2017-7090 CVE-2017-7091 CVE-2017-7092 CVE-2017-7093 CVE-2017-7094 CVE-2017-7095 CVE-2017-7096 CVE-2017-7098 CVE-2017-7099 CVE-2017-7100 CVE-2017-7102 CVE-2017-7104 CVE-2017-7107 CVE-2017-7109 CVE-2017-7111 CVE-2017-7117 CVE-2017-7120 CVE-2017-7142 CVE-2017-7156 CVE-2017-7157 CVE-2018-0734 CVE-2018-3639 CVE-2018-5407 CVE-2019-12900 CVE-2019-15961 CVE-2019-5068 CVE-2019-8936 CVE-2020-3123 CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3481 SUSE-SU-2015:0901-1 SUSE-SU-2015:1979-1 SUSE-SU-2016:3269-1 SUSE-SU-2017:2280-1 SUSE-SU-2017:2319-1 SUSE-SU-2017:2948-1 SUSE-SU-2018:0219-1 SUSE-SU-2018:0284-1 SUSE-SU-2018:1378-1 SUSE-SU-2018:4068-1 SUSE-SU-2019:0789-1 SUSE-SU-2020:0145-1 SUSE-SU-2020:3918-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND Package Information dhcp-4.3.5-lp150.4 is installed OR dhcp-client-4.3.5-lp150.4 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information GraphicsMagick-1.3.29-lp151.4.6 is installed OR GraphicsMagick-devel-1.3.29-lp151.4.6 is installed OR libGraphicsMagick++-Q16-12-1.3.29-lp151.4.6 is installed OR libGraphicsMagick++-devel-1.3.29-lp151.4.6 is installed OR libGraphicsMagick-Q16-3-1.3.29-lp151.4.6 is installed OR libGraphicsMagick3-config-1.3.29-lp151.4.6 is installed OR libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.6 is installed OR perl-GraphicsMagick-1.3.29-lp151.4.6 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information MozillaFirefox-24.3.0esr-0.8 is installed OR MozillaFirefox-branding-SLED-24-0.7 is installed OR MozillaFirefox-translations-24.3.0esr-0.8 is installed OR libfreebl3-3.15.4-0.7 is installed OR libfreebl3-32bit-3.15.4-0.7 is installed OR libsoftokn3-3.15.4-0.7 is installed OR libsoftokn3-32bit-3.15.4-0.7 is installed OR mozilla-nss-3.15.4-0.7 is installed OR mozilla-nss-32bit-3.15.4-0.7 is installed OR mozilla-nss-tools-3.15.4-0.7 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information libsndfile-1.0.20-2.10 is installed OR libsndfile-32bit-1.0.20-2.10 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information krb5-1.12.5-40.16 is installed OR krb5-32bit-1.12.5-40.16 is installed OR krb5-client-1.12.5-40.16 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information gstreamer-0_10-plugins-base-0.10.36-17 is installed OR gstreamer-0_10-plugins-base-32bit-0.10.36-17 is installed OR gstreamer-0_10-plugins-base-lang-0.10.36-17 is installed OR libgstapp-0_10-0-0.10.36-17 is installed OR libgstapp-0_10-0-32bit-0.10.36-17 is installed OR libgstinterfaces-0_10-0-0.10.36-17 is installed OR libgstinterfaces-0_10-0-32bit-0.10.36-17 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND mailx-12.5-25 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kernel-default-3.12.74-60.64.45 is installed OR kernel-default-base-3.12.74-60.64.45 is installed OR kernel-default-devel-3.12.74-60.64.45 is installed OR kernel-default-man-3.12.74-60.64.45 is installed OR kernel-devel-3.12.74-60.64.45 is installed OR kernel-macros-3.12.74-60.64.45 is installed OR kernel-source-3.12.74-60.64.45 is installed OR kernel-syms-3.12.74-60.64.45 is installed OR kernel-xen-3.12.74-60.64.45 is installed OR kernel-xen-base-3.12.74-60.64.45 is installed OR kernel-xen-devel-3.12.74-60.64.45 is installed OR kgraft-patch-3_12_74-60_64_45-default-1-4 is installed OR kgraft-patch-3_12_74-60_64_45-xen-1-4 is installed OR kgraft-patch-SLE12-SP1_Update_16-1-4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information colord-gtk-lang-0.1.26-6 is installed OR libcolord-gtk1-0.1.26-6 is installed OR libcolord2-1.3.3-10 is installed OR libcolord2-32bit-1.3.3-10 is installed OR libcolorhug2-1.3.3-10 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND clamav-0.103.0-33.32.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information libdcerpc-binding0-4.4.2-38.25 is installed OR libdcerpc-binding0-32bit-4.4.2-38.25 is installed OR libdcerpc0-4.4.2-38.25 is installed OR libdcerpc0-32bit-4.4.2-38.25 is installed OR libndr-krb5pac0-4.4.2-38.25 is installed OR libndr-krb5pac0-32bit-4.4.2-38.25 is installed OR libndr-nbt0-4.4.2-38.25 is installed OR libndr-nbt0-32bit-4.4.2-38.25 is installed OR libndr-standard0-4.4.2-38.25 is installed OR libndr-standard0-32bit-4.4.2-38.25 is installed OR libndr0-4.4.2-38.25 is installed OR libndr0-32bit-4.4.2-38.25 is installed OR libnetapi0-4.4.2-38.25 is installed OR libnetapi0-32bit-4.4.2-38.25 is installed OR libsamba-credentials0-4.4.2-38.25 is installed OR libsamba-credentials0-32bit-4.4.2-38.25 is installed OR libsamba-errors0-4.4.2-38.25 is installed OR libsamba-errors0-32bit-4.4.2-38.25 is installed OR libsamba-hostconfig0-4.4.2-38.25 is installed OR libsamba-hostconfig0-32bit-4.4.2-38.25 is installed OR libsamba-passdb0-4.4.2-38.25 is installed OR libsamba-passdb0-32bit-4.4.2-38.25 is installed OR libsamba-util0-4.4.2-38.25 is installed OR libsamba-util0-32bit-4.4.2-38.25 is installed OR libsamdb0-4.4.2-38.25 is installed OR libsamdb0-32bit-4.4.2-38.25 is installed OR libsmbclient0-4.4.2-38.25 is installed OR libsmbclient0-32bit-4.4.2-38.25 is installed OR libsmbconf0-4.4.2-38.25 is installed OR libsmbconf0-32bit-4.4.2-38.25 is installed OR libsmbldap0-4.4.2-38.25 is installed OR libsmbldap0-32bit-4.4.2-38.25 is installed OR libtevent-util0-4.4.2-38.25 is installed OR libtevent-util0-32bit-4.4.2-38.25 is installed OR libwbclient0-4.4.2-38.25 is installed OR libwbclient0-32bit-4.4.2-38.25 is installed OR samba-4.4.2-38.25 is installed OR samba-client-4.4.2-38.25 is installed OR samba-client-32bit-4.4.2-38.25 is installed OR samba-doc-4.4.2-38.25 is installed OR samba-libs-4.4.2-38.25 is installed OR samba-libs-32bit-4.4.2-38.25 is installed OR samba-winbind-4.4.2-38.25 is installed OR samba-winbind-32bit-4.4.2-38.25 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information perl-5.18.2-12.14 is installed OR perl-32bit-5.18.2-12.14 is installed OR perl-base-5.18.2-12.14 is installed OR perl-doc-5.18.2-12.14 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND ft2demos-2.6.3-7.10 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information dovecot22-2.2.31-19.17 is installed OR dovecot22-backend-mysql-2.2.31-19.17 is installed OR dovecot22-backend-pgsql-2.2.31-19.17 is installed OR dovecot22-backend-sqlite-2.2.31-19.17 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information ibus-1.5.13-15.11 is installed OR ibus-gtk-1.5.13-15.11 is installed OR ibus-gtk3-1.5.13-15.11 is installed OR ibus-lang-1.5.13-15.11 is installed OR libibus-1_0-5-1.5.13-15.11 is installed OR typelib-1_0-IBus-1_0-1.5.13-15.11 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information krb5-appl-1.0.3-3.3 is installed OR krb5-appl-clients-1.0.3-3.3 is installed OR krb5-appl-servers-1.0.3-3.3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libopenssl-devel-1.0.2j-60.46 is installed OR libopenssl1_0_0-1.0.2j-60.46 is installed OR libopenssl1_0_0-32bit-1.0.2j-60.46 is installed OR libopenssl1_0_0-hmac-1.0.2j-60.46 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.46 is installed OR openssl-1.0.2j-60.46 is installed OR openssl-doc-1.0.2j-60.46 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information libXxf86vm1-1.1.3-3 is installed OR libXxf86vm1-32bit-1.1.3-3 is installed
Definition Synopsis
SUSE OpenStack Cloud 6 is installed AND Package Information dnsmasq-2.71-13 is installed OR dnsmasq-utils-2.71-13 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND mailman-2.1.17-3.3 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND Package Information ardana-monasca-8.0+git.1535031421.9262a47-3.12 is installed OR ardana-spark-8.0+git.1534267176.a5f3a22-3.6 is installed OR kafka-0.10.2.2-5.6 is installed OR openstack-monasca-api-2.2.1~dev24-3.6 is installed OR python-monasca-api-2.2.1~dev24-3.6 is installed
Definition Synopsis
SUSE OpenStack Cloud 9 is installed AND python-Twisted-15.2.1-9.8 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 9 is installed AND python-urllib3-1.23-3.6 is installed

BACK