Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

openSUSE: 2018:3505-1 Moderate: ClamAV DoS Threat Resolution

opensuse
Calendar Grey October 27, 2018
Dist Opensuse Esm H88
A recent update for clamav on openSUSE addresses several vulnerabilities, most notably a severe Denial of Service (DoS) threat.
An update that fixes four vulnerabilities is now available.

Description

This update for clamav fixes the following issues:

clamav was updated to version 0.100.2:

- CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that

could allow an unauthenticated, remote attacker to cause a denial of

service (DoS) condition on an affected device. (bsc#1110723)

- CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded

libmspack. (bsc#1103040)

- Make freshclam more robust against lagging signature mirrors.

- On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning

on Linux systems, has been disabled due to a known issue with resource

cleanup OnAccessExtraScanning will be re-enabled in a future release

when the issue is resolved. In the mean-time, users who enabled the

feature in clamd.conf will see a warning informing them that the feature

is not active. For details, see:

- Restore exit code compatibility of freshclam with versions before

0.100.0 when...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1310=1

Package List

- openSUSE Leap 42.3 (x86_64):

clamav-0.100.2-32.1

clamav-debuginfo-0.100.2-32.1

clamav-debugsource-0.100.2-32.1

References

https://www.suse.com/security/cve/CVE-2018-14680.html

https://www.suse.com/security/cve/CVE-2018-14681.html

https://www.suse.com/security/cve/CVE-2018-14682.html

https://www.suse.com/security/cve/CVE-2018-15378.html

https://bugzilla.suse.com/1103040

https://bugzilla.suse.com/1104457

https://bugzilla.suse.com/1110723

--

Announcement ID: openSUSE-SU-2018:3505-1
Rating: moderate
Affected Products: openSUSE Leap 42.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.