
SUSE Linux Enterprise: 2025:0325-1 important clamav DoS issues

February 3, 2025
This security advisory covers an important update for clamav on SUSE systems that addresses several vulnerabilities.

Summary

This update for clamav fixes the following issues:

New version 1.4.2:

* CVE-2025-20128, bsc#1236307: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition.
* Start clamonacc with --fdpass to avoid errors due to clamd not being able to access user files. (bsc#1232242)

New version 1.4.1:

* https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html

New version 1.4.0:

* Added support for extracting ALZ archives.
* Added support for extracting LHA/LZH archives.
* Added the ability to disable image fuzzy hashing, if needed. For context, image fuzzy hashing is a detection mechanism useful for identifying malware by matching images included with the malware or phishing email/document.

References

* bsc#1102840

* bsc#1103032

* bsc#1180296

* bsc#1202986

* bsc#1211594

* bsc#1214342

* bsc#1232242

* bsc#1236307

* jsc#PED-4596

* jsc#SMO-494

* jsc#SMO-495

Cross-

* CVE-2018-14679

* CVE-2023-20197

* CVE-2024-20380

* CVE-2024-20505

* CVE-2024-20506

* CVE-2025-20128

CVSS scores:

* CVE-2018-14679 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

* CVE-2018-14679 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2023-20197 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-20197 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-20380 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-20505 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Severity
important

Announcement ID: SUSE-SU-2025:0325-1
Release Date: 2025-02-03T09:39:26Z
Rating: important
