Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2021:14692-1 Important Update For ClamAV Security Issues

suse
Calendar Grey April 14, 2021
Dist Suse Esm H88
SUSE Security Patch for ClamAV addresses various vulnerabilities. Apply the update promptly to ensure system security and efficiency.
An update that solves three vulnerabilities and has one errata is now available

Summary

This update for clamav fixes the following issues: - CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532) - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. (bsc#1184533) - CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534) - Fix errors when scanning files > 4G (bsc#1181256) - Update clamav.keyring - Update to 0.103.2 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-clamav-14692=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-clamav-14692=1 - SUSE Linux Enterprise Debuginfo 11-SP4:

Topics%20covered

Topics Covered

security advisory buffer overflow malware protection SUSE clamav important update

References

#1181256 #1184532 #1184533 #1184534

Cross- CVE-2021-1252 CVE-2021-1404 CVE-2021-1405

CVSS scores:

CVE-2021-1252 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-1404 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-1405 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

SUSE Linux Enterprise Server 11-SP4-LTSS

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP3

https://www.suse.com/security/cve/CVE-2021-1252.html

https://www.suse.com/security/cve/CVE-2021-1404.html

https://www.suse.com/security/cve/CVE-2021-1405.html

https://bugzilla.suse.com/1181256

https://bugzilla.suse.com/1184532

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:14692-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow malware protection SUSE clamav important update

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here