Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

SUSE: 2021:14592-1 Moderate: ClamAV DoS Threats Resolution

suse
Calendar Grey January 5, 2021
Scroller Suse
A new release for ClamAV addressing multiple bugs has been issued for SUSE distributions. Discover more details about the improvements.
An update that fixes 5 vulnerabilities, contains one feature is now available

Summary

This update for clamav fixes the following issues: - Update to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459 - This update incorporates incompatible changes that were introduced in version 0.101.0. - Accumulated security fixes: * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an

References

#1118459 #1171981 #1174250 #1174255 ECO-3010

Cross- CVE-2020-3123 CVE-2020-3327 CVE-2020-3341

CVE-2020-3350 CVE-2020-3481

Affected Products:

SUSE Linux Enterprise Server 11-SP4-LTSS

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP3

https://www.suse.com/security/cve/CVE-2020-3123.html

https://www.suse.com/security/cve/CVE-2020-3327.html

https://www.suse.com/security/cve/CVE-2020-3341.html

https://www.suse.com/security/cve/CVE-2020-3350.html

https://www.suse.com/security/cve/CVE-2020-3481.html

https://bugzilla.suse.com/1118459

https://bugzilla.suse.com/1171981

https://bugzilla.suse.com/1174250

https://bugzilla.suse.com/1174255

Announcement ID: SUSE-SU-2021:14592-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.