
openSUSE 11.4: 2014:1680-2 Critical: New Vulnerability in OpenSSH

opensuse
December 21, 2014
Essential clamav enhancement in openSUSE resolves several vulnerabilities with bolstered security measures.
An update that solves one vulnerability and has two fixes is now...

Description

clamav was updated to version 0.98.5 to fix two security issues.

These security issues were fixed:

- Segmentation fault when processing certain files (CVE-2013-6497).

- Heap-based buffer overflow when scanning crypted PE files (CVE-2014-9050).

The following non-security issues were fixed:

- Support for the XDP file format and extracting, decoding, and scanning PDF files within XDP files.

- Addition of shared library support for LLVM versions 3.1 - 3.5 for the purpose of just-in-time (JIT) compilation of ClamAV bytecode signatures.

- Enhancements to the clambc command line utility to assist ClamAV bytecode signature authors by providing introspection into compiled bytecode programs.

- Resolution of many of the warning messages from ClamAV compilation.

- Improved detection of malicious PE files.

- ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode (bnc#904207).

- Fix server socket setup code in clamd (bnc#903489).


Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Evergreen 11.4:

zypper in -t patch 2014-94

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Evergreen 11.4 (i586 x86_64):

clamav-0.98.5-37.1

clamav-debuginfo-0.98.5-37.1

clamav-debugsource-0.98.5-37.1

- openSUSE Evergreen 11.4 (noarch):

clamav-db-0.98.5-37.1
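
To confirm the update landed, compare the installed clamav builds with the fixed build in the package list above. This is an added example, not part of the openSUSE advisory: the function names and the sample input are constructed, and `sort -V` is assumed to order these numeric version strings the way RPM does.

```sh
#!/bin/sh
# Added example: check installed clamav builds against the fixed build
# listed in this advisory's package list.
FIXED="0.98.5-37.1"   # version-release from the Package List

# ver_ge A B: succeed when version-release A is at or above B.
# Assumption: sort -V orders these dotted numeric strings like RPM does.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    newest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)
    [ "$newest" = "$1" ]
}

# audit: read "name version-release" lines on stdin, report each clamav
# package, and return 1 if any of them is older than the fixed build.
audit() {
    rc=0
    while read -r name vr; do
        case $name in
            clamav|clamav-db) ;;
            *) continue ;;   # skips e.g. "package X is not installed"
        esac
        if ver_ge "$vr" "$FIXED"; then
            echo "OK      $name $vr"
        else
            echo "UPDATE  $name $vr (fixed in $FIXED)"
            rc=1
        fi
    done
    return $rc
}

# On a real host, feed it the RPM database:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' clamav clamav-db | audit
# Constructed sample input (not taken from a real system):
audit <<'EOF' || echo "at least one package still needs: zypper in -t patch 2014-94"
clamav 0.98.4-40.1
clamav-db 0.98.5-37.1
EOF
```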

References

https://www.suse.com/security/cve/CVE-2013-6497.html

https://bugzilla.suse.com/show_bug.cgi?id=903489

https://bugzilla.suse.com/show_bug.cgi?id=904207

https://bugzilla.suse.com/show_bug.cgi?id=906077

Severity
important

Announcement ID: openSUSE-SU-2014:1679-1
Rating: important
Affected Products: openSUSE Evergreen 11.4
