Oval Definition:	oval:org.opensuse.security:def:60153
Revision Date: 2020-12-09 Version: 1 Title: Security update for clamav (Important) Description: This update for clamav fixes the following issues: clamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459. clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no. * Fix clamav-milter.service (requires clamd.service to run) * Fix freshclam crash in FIPS mode. (bsc#1119353) Update to version 0.102.4: Accumulated security fixes: CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. (bsc#1174250) * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. (bsc#1171981) * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. (bsc#1157763). * CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504) - Increase the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed. (bsc#1151839) Family: unix Class: patch Status: Reference(s): 1013721 1013877 1023616 1026652 1043055 1043886 1048576 1053043 1057342 1066223 1093414 1094555 1108382 1109137 1111188 1118459 1119086 1119353 1120902 1121263 1125580 1126961 1127155 1129770 1131335 1131336 1131645 1132390 1133140 1133190 1133191 1133738 1134395 1135642 1136598 1136889 1136922 1136935 1137004 1137194 1137739 1137749 1137752 1137915 1138291 1138293 1138374 1138681 1139751 1140575 1140577 1144504 1144902 1149332 1149458 1150734 1151839 1157198 1157763 1165784 1168630 1171878 1171924 1171981 1172085 1172515 1173100 1173659 1173661 1173663 1173867 1173869 1173942 1173963 1174247 1174250 1174255 1176013 1176315 1177914 CVE-2010-2522 CVE-2010-2523 CVE-2012-3466 CVE-2014-7204 CVE-2016-1521 CVE-2016-1523 CVE-2016-1526 CVE-2016-7837 CVE-2016-9800 CVE-2016-9804 CVE-2017-1000250 CVE-2017-5436 CVE-2017-9788 CVE-2018-20836 CVE-2019-0155 CVE-2019-10126 CVE-2019-10218 CVE-2019-10638 CVE-2019-10639 CVE-2019-11487 CVE-2019-11599 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12625 CVE-2019-12818 CVE-2019-12819 CVE-2019-12900 CVE-2019-14895 CVE-2019-14901 CVE-2019-15961 CVE-2019-16746 CVE-2019-18680 CVE-2019-19447 CVE-2019-3688 CVE-2019-3690 CVE-2019-9458 CVE-2020-10029 CVE-2020-11668 CVE-2020-14331 CVE-2020-15999 CVE-2020-17507 CVE-2020-3123 CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3481 CVE-2020-6819 CVE-2020-6820 SUSE-SU-2017:1961-1 SUSE-SU-2018:0510-1 SUSE-SU-2018:1778-1 SUSE-SU-2019:1852-1 SUSE-SU-2019:2890-1 SUSE-SU-2019:3180-1 SUSE-SU-2020:2497-1 SUSE-SU-2020:2998-1 SUSE-SU-2020:3024-1 SUSE-SU-2020:3729-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information ldb-1.2.3-lp150.7 is installed OR ldb-tools-1.2.3-lp150.7 is installed OR libldb-devel-1.2.3-lp150.7 is installed OR libldb1-1.2.3-lp150.7 is installed OR libldb1-32bit-1.2.3-lp150.7 is installed OR python-ldb-1.2.3-lp150.7 is installed OR python-ldb-32bit-1.2.3-lp150.7 is installed OR python-ldb-devel-1.2.3-lp150.7 is installed OR python3-ldb-1.2.3-lp150.7 is installed OR python3-ldb-32bit-1.2.3-lp150.7 is installed OR python3-ldb-devel-1.2.3-lp150.7 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information MozillaThunderbird-60.7.2-lp151.2.7 is installed OR MozillaThunderbird-buildsymbols-60.7.2-lp151.2.7 is installed OR MozillaThunderbird-translations-common-60.7.2-lp151.2.7 is installed OR MozillaThunderbird-translations-other-60.7.2-lp151.2.7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information libQt5Concurrent5-5.6.1-17.16 is installed OR libQt5Core5-5.6.1-17.16 is installed OR libQt5DBus5-5.6.1-17.16 is installed OR libQt5Gui5-5.6.1-17.16 is installed OR libQt5Network5-5.6.1-17.16 is installed OR libQt5OpenGL5-5.6.1-17.16 is installed OR libQt5PrintSupport5-5.6.1-17.16 is installed OR libQt5Sql5-5.6.1-17.16 is installed OR libQt5Sql5-mysql-5.6.1-17.16 is installed OR libQt5Sql5-postgresql-5.6.1-17.16 is installed OR libQt5Sql5-sqlite-5.6.1-17.16 is installed OR libQt5Sql5-unixODBC-5.6.1-17.16 is installed OR libQt5Test5-5.6.1-17.16 is installed OR libQt5Widgets5-5.6.1-17.16 is installed OR libQt5Xml5-5.6.1-17.16 is installed OR libqt5-qtbase-5.6.1-17.16 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND ctags-5.8-7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information dpdk-16.11.9-8.15 is installed OR dpdk-kmp-default-16.11.9_k4.4.180_94.127-8.15 is installed OR dpdk-tools-16.11.9-8.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND permissions-2015.09.28.1626-17.20 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND permissions-2015.09.28.1626-17.20 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libgcrypt-1.6.1-16.58 is installed OR libgcrypt20-1.6.1-16.58 is installed OR libgcrypt20-32bit-1.6.1-16.58 is installed OR libgcrypt20-hmac-1.6.1-16.58 is installed OR libgcrypt20-hmac-32bit-1.6.1-16.58 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information dbus-1-glib-0.100.2-3 is installed OR dbus-1-glib-32bit-0.100.2-3 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server 12 SP5 is installed AND clamav-0.103.0-3.3.1 is installed OR Package Information SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed AND clamav-0.103.0-3.3.1 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information kernel-default-4.4.180-94.100 is installed OR kernel-default-base-4.4.180-94.100 is installed OR kernel-default-devel-4.4.180-94.100 is installed OR kernel-devel-4.4.180-94.100 is installed OR kernel-macros-4.4.180-94.100 is installed OR kernel-source-4.4.180-94.100 is installed OR kernel-syms-4.4.180-94.100 is installed OR kgraft-patch-4_4_180-94_100-default-1-4.3 is installed OR kgraft-patch-SLE12-SP3_Update_27-1-4.3 is installed Definition Synopsis SUSE OpenStack Cloud 9 is installed AND python-Django1-1.11.20-3.6 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information libdcerpc-binding0-4.6.16+git.169.064abe062be-3.46 is installed OR libdcerpc-binding0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libdcerpc0-4.6.16+git.169.064abe062be-3.46 is installed OR libdcerpc0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libndr-krb5pac0-4.6.16+git.169.064abe062be-3.46 is installed OR libndr-krb5pac0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libndr-nbt0-4.6.16+git.169.064abe062be-3.46 is installed OR libndr-nbt0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libndr-standard0-4.6.16+git.169.064abe062be-3.46 is installed OR libndr-standard0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libndr0-4.6.16+git.169.064abe062be-3.46 is installed OR libndr0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libnetapi0-4.6.16+git.169.064abe062be-3.46 is installed OR libnetapi0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-credentials0-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-credentials0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-errors0-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-errors0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-hostconfig0-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-hostconfig0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-passdb0-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-passdb0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-util0-4.6.16+git.169.064abe062be-3.46 is installed OR libsamba-util0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libsamdb0-4.6.16+git.169.064abe062be-3.46 is installed OR libsamdb0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libsmbclient0-4.6.16+git.169.064abe062be-3.46 is installed OR libsmbclient0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libsmbconf0-4.6.16+git.169.064abe062be-3.46 is installed OR libsmbconf0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libsmbldap0-4.6.16+git.169.064abe062be-3.46 is installed OR libsmbldap0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libtevent-util0-4.6.16+git.169.064abe062be-3.46 is installed OR libtevent-util0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR libwbclient0-4.6.16+git.169.064abe062be-3.46 is installed OR libwbclient0-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR samba-4.6.16+git.169.064abe062be-3.46 is installed OR samba-client-4.6.16+git.169.064abe062be-3.46 is installed OR samba-client-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR samba-doc-4.6.16+git.169.064abe062be-3.46 is installed OR samba-libs-4.6.16+git.169.064abe062be-3.46 is installed OR samba-libs-32bit-4.6.16+git.169.064abe062be-3.46 is installed OR samba-winbind-4.6.16+git.169.064abe062be-3.46 is installed OR samba-winbind-32bit-4.6.16+git.169.064abe062be-3.46 is installed
BACK