Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2024:3305-1 Important: Clamav Security Issues Mitigated

suse
Calendar Grey September 18, 2024
Dist Suse Esm H88
Urgent software patch for clamav tackling two significant vulnerabilities. Ensure safety with this crucial notification.
* bsc#1230161 * bsc#1230162 Cross-References: * CVE-2024-20505

Summary

## This update for clamav fixes the following issues: * Update to version 0.103.12 * CVE-2024-20506: Disable symlinks following to prevent an attacker to corrupt system files. (bsc#1230162) * CVE-2024-20505: Fixed possible out-of-bounds read bug in the PDF file parser. (bsc#1230161) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-3305=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3305=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3305=1

Topics%20covered

Topics Covered

security advisory security issue update threat important suse clamav

References

* bsc#1230161

* bsc#1230162

Cross-

* CVE-2024-20505

* CVE-2024-20506

CVSS scores:

* CVE-2024-20505 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-20505 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-20505 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-20505 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2024-20506 ( SUSE ): 6.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2024-20506 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

* CVE-2024-20506 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

* CVE-2024-20506 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Affected Products:

* Basesystem Module 15-SP5

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:3305-1
Rating: important

Topics%20covered

Topics Covered

security advisory security issue update threat important suse clamav

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here