Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 495
Alerts This Week
Warning Icon 1 495

SUSE: 2018:3441-1 Moderate: clamav Denial of Service Fix

suse
Calendar Grey October 25, 2018
Dist Suse Esm H88
SUSE Security Update for postgresql: Addresses three vulnerabilities of moderate concern. Implement advised fixes for enhanced security.
An update that fixes four vulnerabilities is now available

Summary

This update for clamav fixes the following issues: Clamav was updated to version 0.100.2: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) * Make freshclam more robust against lagging signature mirrors. * On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature

References

#1103040 #1104457 #1110723

Cross- CVE-2018-14680 CVE-2018-14681 CVE-2018-14682

CVE-2018-15378

Affected Products:

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Server 11-SP3-LTSS

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP3

https://www.suse.com/security/cve/CVE-2018-14680.html

https://www.suse.com/security/cve/CVE-2018-14681.html

https://www.suse.com/security/cve/CVE-2018-14682.html

https://www.suse.com/security/cve/CVE-2018-15378.html

https://bugzilla.suse.com/1103040

https://bugzilla.suse.com/1104457

https://bugzilla.suse.com/1110723

Announcement ID: SUSE-SU-2018:3441-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.