Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 438
Alerts This Week
Warning Icon 1 438

SUSE Linux Enterprise 15: SUSE-SU-2018:3250-1 Moderate: DoS Fix for ClamAV

suse
Calendar Grey October 19, 2018
Dist Suse Esm H88
SUSE Security Patch for clamav addresses four vulnerabilities deemed moderate. Discover the details of the update and how to implement it.
An update that fixes four vulnerabilities is now available

Summary

This update for clamav fixes the following issues: clamav was updated to version 0.100.2. Following security issues were fixed: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) Following non-security issues were addressed: - Make freshclam more robust against lagging signature mirrors. - On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release

References

#1103040 #1104457 #1110723

Cross- CVE-2018-14680 CVE-2018-14681 CVE-2018-14682

CVE-2018-15378

Affected Products:

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2018-14680.html

https://www.suse.com/security/cve/CVE-2018-14681.html

https://www.suse.com/security/cve/CVE-2018-14682.html

https://www.suse.com/security/cve/CVE-2018-15378.html

https://bugzilla.suse.com/1103040

https://bugzilla.suse.com/1104457

https://bugzilla.suse.com/1110723

Announcement ID: SUSE-SU-2018:3250-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.