Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

SUSE: 2023:1848-2 Critical: OpenSSL Vulnerability Patches Released

suse
Calendar Grey May 12, 2022
Dist Suse Esm H88
SUSE Security Patch brings essential resolutions for clamav flaws in SUSE Linux Enterprise Server. Discover further details!
An update that fixes 5 vulnerabilities is now available

Summary

This update for clamav fixes the following issues: - CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM file parser (bsc#1199242). - CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the scan verdict cache check (bsc#1199246). - CVE-2022-20771: Fixed a possible infinite loop vulnerability in the TIFF file parser (bsc#1199244). - CVE-2022-20785: Fixed a possible memory leak in the HTML file parser / Javascript normalizer (bsc#1199245). - CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature database load module (bsc#1199274). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Topics%20covered

Topics Covered

security advisory important memory management SUSE infinite loop clamav heap buffer

References

#1199242 #1199244 #1199245 #1199246 #1199274

Cross- CVE-2022-20770 CVE-2022-20771 CVE-2022-20785

CVE-2022-20792 CVE-2022-20796

CVSS scores:

CVE-2022-20770 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-20771 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-20785 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-20792 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-20796 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

SUSE Linux Enterprise Server 12-SP5

https://www.suse.com/security/cve/CVE-2022-20770.html

https://www.suse.com/security/cve/CVE-2022-20771.html

https://www.suse.com/security/cve/CVE-2022-20785.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:1647-1
Rating: important

Topics%20covered

Topics Covered

security advisory important memory management SUSE infinite loop clamav heap buffer

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here