SUSE: 2019:3066-1 Moderate: Clamav Decompress Issue Fix

November 26, 2019
SUSE Security Update for clamav addresses two vulnerabilities related to ZIP file handling and decompression issues.
An update that solves two vulnerabilities and has one errata is now available.

Summary

This update for clamav fixes the following issues:

Security issues fixed:

- CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504).
- CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458).

Non-security issues fixed:

- Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504).
- Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
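The overlapping-files heuristic mentioned for CVE-2019-12625 can be illustrated with the following added example, which is not ClamAV's implementation: it flags ZIP members whose local header and data ranges overlap. The function names and the two-member sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"    # local file header signature
CENTRAL_SIG = b"PK\x01\x02"  # central directory header signature

def entry_spans(data: bytes):
    """Return (start, end, name) for every central-directory entry."""
    spans = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            off = info.header_offset
            if data[off:off + 4] != LOCAL_SIG:
                raise ValueError(f"{info.filename}: no local header at offset {off}")
            # Name and extra-field lengths sit at bytes 26..29 of the local header.
            name_len, extra_len = struct.unpack_from("<HH", data, off + 26)
            end = off + 30 + name_len + extra_len + info.compress_size
            spans.append((off, end, info.filename))
    return spans

def find_overlaps(data: bytes):
    """Return pairs of member names whose header+data byte ranges overlap."""
    overlaps = []
    furthest_end, furthest_name = 0, None
    for start, end, name in sorted(entry_spans(data)):
        if start < furthest_end:
            overlaps.append((furthest_name, name))
        if end > furthest_end:
            furthest_end, furthest_name = end, name
    return overlaps

def build_sample(overlap: bool) -> bytes:
    """Constructed sample: two stored members; optionally alias b.txt onto a.txt."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("a.txt", "A" * 64)
        zf.writestr("b.txt", "B" * 64)
    data = bytearray(buf.getvalue())
    if overlap:
        # Rewrite the last central entry's local-header offset (field at +42) to 0.
        pos = data.rfind(CENTRAL_SIG)
        struct.pack_into("<L", data, pos + 42, 0)
    return bytes(data)

if __name__ == "__main__":
    print(find_overlaps(build_sample(overlap=False)))
    print(find_overlaps(build_sample(overlap=True)))
```

A scanner that finds any overlap can stop before decompressing, which is what keeps the cost of inspecting such an archive bounded.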

References

#1144504 #1149458 #1151839

Cross-References: CVE-2019-12625 CVE-2019-12900

Affected Products:

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server for SAP 12-SP1

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Server 12-SP3-LTSS

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Server 12-SP2-BCL

SUSE Linux Enterprise Server 12-SP1-LTSS

SUSE Linux Enterprise Desktop 12-SP4

SUSE Enterprise Storage 5

HPE Helion Openstack 8

https://www.suse.com/security/cve/CVE-2019-12625.html

https://www.suse.com/securi...

Announcement ID: SUSE-SU-2019:3066-1
Rating: moderate
