Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

openSUSE Leap 15.0 Advisory 2018:3315-1 Moderate: clamav DoS Fixes

opensuse
Calendar Grey October 23, 2018
Dist Opensuse Esm H88
Updates addressing four security flaws in ClamAV have been released for openSUSE. Safeguard your system by applying this important security patch.
An update that fixes four vulnerabilities is now available.

Description

This update for clamav fixes the following issues:

clamav was updated to version 0.100.2.

Following security issues were fixed:

- CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that

could allow an unauthenticated, remote attacker to cause a denial of

service (DoS) condition on an affected device. (bsc#1110723)

- CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded

libmspack. (bsc#1103040)

Following non-security issues were addressed:

- Make freshclam more robust against lagging signature mirrors.

- On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning

on Linux systems, has been disabled due to a known issue with resource

cleanup OnAccessExtraScanning will be re-enabled in a future release

when the issue is resolved. In the mean-time, users who enabled the

feature in clamd.conf will see a warning informing them that the feature

is not active. For details, see:

...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1227=1

Package List

- openSUSE Leap 15.0 (x86_64):

clamav-0.100.2-lp150.2.6.1

clamav-debuginfo-0.100.2-lp150.2.6.1

clamav-debugsource-0.100.2-lp150.2.6.1

clamav-devel-0.100.2-lp150.2.6.1

libclamav7-0.100.2-lp150.2.6.1

libclamav7-debuginfo-0.100.2-lp150.2.6.1

libclammspack0-0.100.2-lp150.2.6.1

libclammspack0-debuginfo-0.100.2-lp150.2.6.1

References

https://www.suse.com/security/cve/CVE-2018-14680.html

https://www.suse.com/security/cve/CVE-2018-14681.html

https://www.suse.com/security/cve/CVE-2018-14682.html

https://www.suse.com/security/cve/CVE-2018-15378.html

https://bugzilla.suse.com/1103040

https://bugzilla.suse.com/1104457

https://bugzilla.suse.com/1110723

--

Announcement ID: openSUSE-SU-2018:3315-1
Rating: moderate
Affected Products: openSUSE Leap 15.0

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.