Oval Definition:oval:org.opensuse.security:def:57392
Revision Date:2020-12-22Version:1
Title:Security update for clamav (Important)
Description:

This update for clamav fixes the following issues:

clamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459.

clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no. * Fix clamav-milter.service (requires clamd.service to run) * bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode. * Partial sync with SLE15.

Update to version 0.102.4

Accumulated security fixes:

CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. (bsc#1174250) * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. (bsc#1171981) * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. (bsc#1157763). * CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504)

Update to version 0.101.3:

ZIP bomb causes extreme CPU spikes (bsc#1144504)

Update to version 0.101.2 (bsc#1118459):

Support for RAR v5 archive extraction. * Incompatible changes to the arguments of cl_scandesc, cl_scandesc_callback, and cl_scanmap_callback. * Scanning options have been converted from a single flag bit-field into a structure of multiple categorized flag bit-fields. * The CL_SCAN_HEURISTIC_ENCRYPTED scan option was replaced by 2 new scan options: CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE, and CL_SCAN_HEURISTIC_ENCRYPTED_DOC * Incompatible clamd.conf and command line interface changes. * Heuristic Alerts' (aka 'Algorithmic Detection') options have been changed to make the names more consistent. The original options are deprecated in 0.101, and will be removed in a future feature release. * For details, see https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html
Family:unixClass:patch
Status:Reference(s):1061041
1073230
1076017
1076957
1083302
1083303
1083488
1085114
1085447
1088268
1090036
1118459
1119353
1123156
1128829
1128963
1144504
1146873
1149458
1149496
1149811
1152856
1154212
1155419
1157763
1160471
1161066
1162202
1163018
1166240
1170441
1170940
1171981
1174250
1174255
875647
881241
890623
897874
CVE-2014-5351
CVE-2014-8137
CVE-2014-8138
CVE-2014-8157
CVE-2014-8158
CVE-2014-9029
CVE-2015-3294
CVE-2016-1000031
CVE-2016-10708
CVE-2017-0861
CVE-2017-13166
CVE-2017-14867
CVE-2018-1000004
CVE-2018-1000199
CVE-2018-1068
CVE-2018-5732
CVE-2018-5733
CVE-2018-7566
CVE-2019-12068
CVE-2019-12900
CVE-2019-15681
CVE-2019-15690
CVE-2019-15890
CVE-2019-15961
CVE-2019-18634
CVE-2019-20788
CVE-2019-2894
CVE-2019-2933
CVE-2019-2945
CVE-2019-2949
CVE-2019-2958
CVE-2019-2962
CVE-2019-2964
CVE-2019-2973
CVE-2019-2978
CVE-2019-2981
CVE-2019-2983
CVE-2019-2987
CVE-2019-2988
CVE-2019-2989
CVE-2019-2992
CVE-2019-2999
CVE-2019-5482
CVE-2019-6778
CVE-2020-1711
CVE-2020-1983
CVE-2020-3123
CVE-2020-3327
CVE-2020-3341
CVE-2020-3350
CVE-2020-3481
CVE-2020-7039
CVE-2020-8608
SUSE-SU-2017:2747-1
SUSE-SU-2018:0812-1
SUSE-SU-2018:1012-1
SUSE-SU-2018:1021-1
SUSE-SU-2018:1266-1
SUSE-SU-2018:2530-1
SUSE-SU-2019:1214-1
SUSE-SU-2019:2339-2
SUSE-SU-2019:3084-1
SUSE-SU-2020:0407-1
SUSE-SU-2020:1165-1
SUSE-SU-2020:1514-1
SUSE-SU-2020:3918-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • kio-extras5-17.12.3-lp150.1 is installed
  • OR kio-extras5-lang-17.12.3-lp150.1 is installed
  • OR libkioarchive5-17.12.3-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • MozillaThunderbird-60.7.2-lp151.2.7 is installed
  • OR MozillaThunderbird-buildsymbols-60.7.2-lp151.2.7 is installed
  • OR MozillaThunderbird-translations-common-60.7.2-lp151.2.7 is installed
  • OR MozillaThunderbird-translations-other-60.7.2-lp151.2.7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • krb5-1.6.3-133.49.64 is installed
  • OR krb5-32bit-1.6.3-133.49.64 is installed
  • OR krb5-client-1.6.3-133.49.64 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_40-default-10-2 is installed
  • OR kgraft-patch-3_12_74-60_64_40-xen-10-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_15-10-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND dnsmasq-2.71-10 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • java-1_7_1-ibm-1.7.1_sr4.35-38.29 is installed
  • OR java-1_7_1-ibm-alsa-1.7.1_sr4.35-38.29 is installed
  • OR java-1_7_1-ibm-devel-1.7.1_sr4.35-38.29 is installed
  • OR java-1_7_1-ibm-jdbc-1.7.1_sr4.35-38.29 is installed
  • OR java-1_7_1-ibm-plugin-1.7.1_sr4.35-38.29 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • perl-5.18.2-12.14 is installed
  • OR perl-32bit-5.18.2-12.14 is installed
  • OR perl-base-5.18.2-12.14 is installed
  • OR perl-doc-5.18.2-12.14 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • openssh-7.2p2-74.25 is installed
  • OR openssh-askpass-gnome-7.2p2-74.25 is installed
  • OR openssh-fips-7.2p2-74.25 is installed
  • OR openssh-helpers-7.2p2-74.25 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • gdm-3.10.0.1-52 is installed
  • OR gdm-lang-3.10.0.1-52 is installed
  • OR gdmflexiserver-3.10.0.1-52 is installed
  • OR libgdm1-3.10.0.1-52 is installed
  • OR typelib-1_0-Gdm-1_0-3.10.0.1-52 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND clamav-0.103.0-33.32.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND atftp-0.7.0-160.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • coreutils-8.25-13.7 is installed
  • OR coreutils-lang-8.25-13.7 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • jakarta-commons-fileupload-1.1.1-122.3 is installed
  • OR jakarta-commons-fileupload-javadoc-1.1.1-122.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • libsolv-0.6.36-2.16 is installed
  • OR libsolv-tools-0.6.36-2.16 is installed
  • OR libzypp-16.20.0-2.39 is installed
  • OR perl-solv-0.6.36-2.16 is installed
  • OR python-solv-0.6.36-2.16 is installed
  • OR zypper-1.13.51-21.26 is installed
  • OR zypper-log-1.13.51-21.26 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • MozillaFirefox-78.0.1-112.3 is installed
  • OR MozillaFirefox-branding-SLE-78-35.3 is installed
  • OR MozillaFirefox-devel-78.0.1-112.3 is installed
  • OR MozillaFirefox-translations-common-78.0.1-112.3 is installed
    • BACK