SUSE: 2021:14850-1 Moderate ClamAV Denial of Service Issue
suse
December 1, 2021
An update that solves one vulnerability and has three fixes is now available
Summary
This update for clamav fixes the following issues: - CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032). - Update to 0.103.4 (bsc#1192346). - Add documentation about max file size purpose and side effect in the "clamscan" and "clamdscan" manpages (bsc#1187509). - Update to 0.103.3 (bsc#1188284). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-clamav-14850=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-clamav-14850=1 - SUSE Linux Enterprise Point of Sale 11-SP3:
Topics Covered
References
#1103032 #1187509 #1188284 #1192346
Cross- CVE-2018-14679
CVSS scores:
CVE-2018-14679 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-14679 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Affected Products:
SUSE Linux Enterprise Server 11-SP4-LTSS
SUSE Linux Enterprise Server 11-SECURITY
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
https://www.suse.com/security/cve/CVE-2018-14679.html
https://bugzilla.suse.com/1103032
https://bugzilla.suse.com/1187509
https://bugzilla.suse.com/1188284
https://bugzilla.suse.com/1192346
PREVIOUS 
NEXT Announcement ID: SUSE-SU-2021:14850-1
Rating: moderate
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!