
openSUSE Leap 15.1: 2020:2268-1 Moderate: ClamAV DoS Problems

opensuse
December 17, 2020
Update fixes vulnerabilities in clamav, enhancing security measures for openSUSE systems.
An update that fixes 14 vulnerabilities is now available

Description

This update for clamav fixes the following issues:

clamav was updated to the new major release 0.103.0 (jsc#ECO-3010, bsc#1118459).

Note that libclamav was changed in an incompatible way: if you have a third-party application that uses libclamav, it needs to be rebuilt.

Update to 0.103.0

* clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort.

  - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads, as they temporarily consume twice as much memory. We added a new clamd config option, ConcurrentDatabaseReload, which may be set to no.

* Fix clamav-milter.service (requires clamd.service to run)

Update to 0.102.4

* CVE-2020-3350: Fix a vulnerability wherein a malicious user could

...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-2268=1

Package List

- openSUSE Leap 15.1 (x86_64):

  clamav-0.103.0-lp151.2.12.1
  clamav-debuginfo-0.103.0-lp151.2.12.1
  clamav-debugsource-0.103.0-lp151.2.12.1
  clamav-devel-0.103.0-lp151.2.12.1
  libclamav9-0.103.0-lp151.2.12.1
  libclamav9-debuginfo-0.103.0-lp151.2.12.1
  libfreshclam2-0.103.0-lp151.2.12.1
  libfreshclam2-debuginfo-0.103.0-lp151.2.12.1
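
To confirm after patching that a host actually carries the fixed build, the following added example (not part of the original advisory) compares an RPM inventory against the version-release string from the Package List. The function names and the `sort -V` comparison, which only approximates RPM's own version ordering, are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify ClamAV packages against the fixed build in this advisory.
FIXED="0.103.0-lp151.2.12.1"   # version-release taken from the Package List
PKGS="clamav clamav-devel libclamav9 libfreshclam2"

# version_ge A B: succeeds when A >= B under GNU `sort -V` ordering.
# Assumption: this approximates RPM's comparison and is adequate for
# version strings of the shape used in this advisory.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_inventory: reads "name version-release" lines on stdin, prints one
# verdict per advisory package, and returns 1 if any of them is older than
# FIXED. Packages not named in PKGS are ignored.
check_inventory() {
    rc=0
    while read -r name ver; do
        case " $PKGS " in
            *" $name "*) ;;
            *) continue ;;
        esac
        if version_ge "$ver" "$FIXED"; then
            echo "OK       $name $ver"
        else
            echo "OUTDATED $name $ver (need >= $FIXED)"
            rc=1
        fi
    done
    return "$rc"
}

# On a live system, feed it the real inventory:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_inventory
```

A non-zero exit status means at least one listed package is still below the fixed build, which makes the function usable as a compliance check in configuration management or a cron job.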

References

https://www.suse.com/security/cve/CVE-2019-12625.html
https://www.suse.com/security/cve/CVE-2019-12900.html
https://www.suse.com/security/cve/CVE-2019-15961.html
https://www.suse.com/security/cve/CVE-2019-1785.html
https://www.suse.com/security/cve/CVE-2019-1786.html
https://www.suse.com/security/cve/CVE-2019-1787.html
https://www.suse.com/security/cve/CVE-2019-1788.html
https://www.suse.com/security/cve/CVE-2019-1789.html
https://www.suse.com/security/cve/CVE-2019-1798.html
https://www.suse.com/security/cve/CVE-2020-3123.html
https://www.suse.com/security/cve/CVE-2020-3327.html
https://www.suse.com/security/cve/CVE-2020-3341.html
https://www.suse.com/security/cve/CVE-2020-3350.html
https://www.suse.com/security/cve/CVE-2020-3481.html
https://bugzilla.suse.com/1104457
https://bugzilla.suse.com/1118459
https://bugzilla.suse.com/1130721
https://bugzilla.suse.com/1144504
https://bugzilla.suse.com/1149458
https://bugzilla.suse.com/1157763


Announcement ID: openSUSE-SU-2020:2268-1
Rating: moderate
Affected Products: openSUSE Leap 15.1
