| Revision Date: | 2019-11-26 | Version: | 1 |
| Title: | Security update for clamav (Moderate) |
| Description: |
This update for clamav fixes the following issues:
Security issue fixed:
- CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458).
Non-security issues fixed:
- Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504). - Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839).
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1144504
1149458
1151839
CVE-2019-12625
CVE-2019-12900
SUSE-SU-2019:3066-1
|
| Platform(s): | SUSE Linux Enterprise Server 12 SP3-LTSS
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND clamav-0.100.3-33.26.1 is installed
|