Explore top 10 tips to secure your open-source projects now. Read More
×
This update for clamav fixes the following issues: - Update to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459 - This update incorporates incompatible changes that were introduced in version 0.101.0. - Accumulated security fixes: * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an
#1118459 #1171981 #1174250 #1174255 ECO-3010
Cross- CVE-2020-3123 CVE-2020-3327 CVE-2020-3341
CVE-2020-3350 CVE-2020-3481
Affected Products:
SUSE Linux Enterprise Server 11-SP4-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
https://www.suse.com/security/cve/CVE-2020-3123.html
https://www.suse.com/security/cve/CVE-2020-3327.html
https://www.suse.com/security/cve/CVE-2020-3341.html
https://www.suse.com/security/cve/CVE-2020-3350.html
https://www.suse.com/security/cve/CVE-2020-3481.html
https://bugzilla.suse.com/1118459
https://bugzilla.suse.com/1171981
https://bugzilla.suse.com/1174250
https://bugzilla.suse.com/1174255
Get the latest Linux and open source security news straight to your inbox.