Oval Definition:oval:org.opensuse.security:def:56343
Revision Date:2020-12-01Version:1
Title:Security update for clamav (Important)
Description:

This update for clamav fixes the following issues:

- Update to security release 0.99.3 (bsc#1077732) * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability) * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability) * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities) * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability) * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability) * CVE-2017-12380 (ClamAV Null Dereference Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. * CVE-2017-6420 (bsc#1052448) - this vulnerability could have allowed remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. * CVE-2017-6419 (bsc#1052449) - ClamAV could have allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. * CVE-2017-11423 (bsc#1049423) - ClamAV could have allowed remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. * CVE-2017-6418 (bsc#1052466) - ClamAV could have allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. - update upstream keys in the keyring

- provide and obsolete clamav-nodb to trigger it's removal in Leap bsc#1040662
Family:unixClass:patch
Status:Reference(s):1013669
1031702
1037396
1040311
1040312
1040313
1040662
1041764
1049423
1050577
1050578
1050579
1050581
1052311
1052368
1052448
1052449
1052466
1055960
1065083
1069222
1069226
1073313
1077732
1145092
CVE-2009-0799
CVE-2009-0800
CVE-2009-1179
CVE-2009-1180
CVE-2009-1181
CVE-2009-1182
CVE-2009-1183
CVE-2009-1187
CVE-2009-1188
CVE-2009-3607
CVE-2009-3608
CVE-2010-3430
CVE-2010-3431
CVE-2010-3853
CVE-2011-3148
CVE-2011-3149
CVE-2011-3602
CVE-2012-3466
CVE-2013-1788
CVE-2013-1789
CVE-2013-1790
CVE-2013-4473
CVE-2013-4474
CVE-2014-2583
CVE-2014-4362
CVE-2014-6051
CVE-2014-6052
CVE-2014-6053
CVE-2014-6054
CVE-2014-6055
CVE-2014-6272
CVE-2014-7819
CVE-2015-1038
CVE-2016-2335
CVE-2016-9811
CVE-2017-1000112
CVE-2017-11423
CVE-2017-11624
CVE-2017-11625
CVE-2017-11626
CVE-2017-11627
CVE-2017-12374
CVE-2017-12375
CVE-2017-12376
CVE-2017-12377
CVE-2017-12378
CVE-2017-12379
CVE-2017-12380
CVE-2017-12595
CVE-2017-17740
CVE-2017-6418
CVE-2017-6419
CVE-2017-6420
CVE-2017-8816
CVE-2017-8817
CVE-2017-9208
CVE-2017-9209
CVE-2017-9210
CVE-2017-9287
CVE-2019-10208
SUSE-SU-2017:0189-1
SUSE-SU-2017:2437-1
SUSE-SU-2018:0122-1
SUSE-SU-2018:0255-1
SUSE-SU-2018:3066-1
SUSE-SU-2019:2159-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • cron-4.2-lp150.2 is installed
  • OR cronie-1.5.1-lp150.2 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • expat-2.2.5-lp151.3.3 is installed
  • OR libexpat-devel-2.2.5-lp151.3.3 is installed
  • OR libexpat-devel-32bit-2.2.5-lp151.3.3 is installed
  • OR libexpat1-2.2.5-lp151.3.3 is installed
  • OR libexpat1-32bit-2.2.5-lp151.3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND clamav-0.99.3-33.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND davfs2-1.5.2-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_69-60_64_29-default-7-2 is installed
  • OR kgraft-patch-3_12_69-60_64_29-xen-7-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_12-7-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • gnome-keyring-3.20.0-27 is installed
  • OR gnome-keyring-32bit-3.20.0-27 is installed
  • OR gnome-keyring-lang-3.20.0-27 is installed
  • OR gnome-keyring-pam-3.20.0-27 is installed
  • OR gnome-keyring-pam-32bit-3.20.0-27 is installed
  • OR libgck-modules-gnome-keyring-3.20.0-27 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • java-1_7_1-ibm-1.7.1_sr4.30-38.26 is installed
  • OR java-1_7_1-ibm-alsa-1.7.1_sr4.30-38.26 is installed
  • OR java-1_7_1-ibm-devel-1.7.1_sr4.30-38.26 is installed
  • OR java-1_7_1-ibm-jdbc-1.7.1_sr4.30-38.26 is installed
  • OR java-1_7_1-ibm-plugin-1.7.1_sr4.30-38.26 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_103-92_56-default-12-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_17-12-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND ucode-intel-20180703-13.25 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • apache2-mod_apparmor-2.8.2-49 is installed
  • OR apparmor-docs-2.8.2-49 is installed
  • OR apparmor-parser-2.8.2-49 is installed
  • OR apparmor-profiles-2.8.2-49 is installed
  • OR apparmor-utils-2.8.2-49 is installed
  • OR libapparmor1-2.8.2-49 is installed
  • OR libapparmor1-32bit-2.8.2-49 is installed
  • OR pam_apparmor-2.8.2-49 is installed
  • OR pam_apparmor-32bit-2.8.2-49 is installed
  • OR perl-apparmor-2.8.2-49 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_178-94_91-default-5-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_25-5-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libwireshark9-2.4.16-48.51 is installed
  • OR libwiretap7-2.4.16-48.51 is installed
  • OR libwscodecs1-2.4.16-48.51 is installed
  • OR libwsutil8-2.4.16-48.51 is installed
  • OR wireshark-2.4.16-48.51 is installed
  • OR wireshark-gtk-2.4.16-48.51 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • dracut-044.1-9 is installed
  • OR dracut-fips-044.1-9 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND ruby2.1-rubygem-sprockets-2_11-2.11.3-1 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND clamav-0.100.2-33.18 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND python-urllib3-1.23-3.6 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND nodejs6-6.17.0-11.27 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND Package Information
  • mariadb-10.2.25-3.19 is installed
  • OR mariadb-galera-10.2.25-3.19 is installed
    • BACK