| Revision Date: | 2018-08-14 | Version: | 1 |
| Title: | Security update for clamav (Moderate) |
| Description: |
This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - CVE-2018-1000085: Fixed a out-of-bounds heap read in XAR parser (bsc#1082858) - CVE-2018-14679: Libmspack heap buffer over-read in CHM parser (bsc#1103040) - Buffer over-read in unRAR code due to missing max value checks in table initialization - PDF parser bugs
The following other changes were made:
- Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1082858
1101410
1101412
1101654
1103040
CVE-2018-0360
CVE-2018-0361
CVE-2018-1000085
CVE-2018-14679
SUSE-SU-2018:2323-1
|
| Platform(s): | SUSE Linux Enterprise Server 12 SP3
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3 is installed AND clamav-0.100.1-33.15.2 is installed
|