Security update for clamav
Announcement ID: | SUSE-SU-2015:0188-1 |
---|---|
Rating: | moderate |
An update that solves two vulnerabilities and has five security fixes can now be installed.
Description:
ClamAV was updated to version 0.98.5:
- Support for the XDP file format and extracting, decoding, and scanning PDF files within XDP files.
- Addition of shared library support for LLVM versions 3.1 - 3.5 for the purpose of just-in-time (JIT) compilation of ClamAV bytecode signatures.
- Enhancements to the clambc command line utility to assist ClamAV bytecode signature authors by providing introspection into compiled bytecode programs.
- Resolution of many of the warning messages from ClamAV compilation.
- Improved detection of malicious PE files (bnc#906770, CVE-2014-9050)
- Security fix for ClamAV crash when using 'clamscan -a'.
- Security fix for ClamAV crash when scanning maliciously crafted yoda's crypter files (bnc#906077, CVE-2013-6497).
- ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode (bnc#904207).
- Fix server socket setup code in clamd (bnc#903489).
- Change updateclamconf to prefer the state of the old config file even for commented-out options (bnc#903719) (bnc#908731).
Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Desktop 12
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-49=1
- SUSE Linux Enterprise Server 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-49=1
- SUSE Linux Enterprise Server for SAP Applications 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-49=1
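A post-patch check, added here as an example and not part of the SUSE advisory: it compares the installed clamav version-release against the fixed build 0.98.5-6.1 from the Package List. The function names and the `--check` switch are hypothetical, and the comparison assumes purely numeric fields separated by `.` or `-`, which is simpler than RPM's own version comparison.

```shell
#!/bin/sh
# Added example (not from the advisory): verify that clamav is at or above
# the fixed build listed in the Package List of SUSE-SU-2015:0188-1.

FIXED_VR="0.98.5-6.1"   # version-release taken from the advisory

# vr_ge A B: succeed when version-release A >= B.
# Assumption: every field is a plain integer; fields are compared
# numerically so that e.g. 0.100.0 sorts above 0.98.5.
vr_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%[.-]*}; fb=${b%%[.-]*}          # leading field of each side
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 1
        # Drop the field just compared, or empty the string if it was the last.
        case $a in *[.-]*) a=${a#*[.-]} ;; *) a= ;; esac
        case $b in *[.-]*) b=${b#*[.-]} ;; *) b= ;; esac
    done
    return 0                                     # all fields equal
}

# clamav_status VR: print "fixed" or "needs-update" for a version-release.
clamav_status() {
    if vr_ge "$1" "$FIXED_VR"; then echo "fixed"; else echo "needs-update"; fi
}

# installed_clamav_vr: print VERSION-RELEASE of the installed clamav package;
# fails when rpm is missing or the package is not installed.
installed_clamav_vr() {
    command -v rpm >/dev/null 2>&1 || return 1
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' clamav 2>/dev/null
}

# Query the local RPM database only when invoked with --check.
if [ "${1:-}" = "--check" ]; then
    if vr=$(installed_clamav_vr); then
        echo "clamav $vr: $(clamav_status "$vr")"
    else
        echo "clamav is not installed (or rpm is unavailable)"
    fi
fi
```
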
Package List:
- SUSE Linux Enterprise Desktop 12 (x86_64)
  - clamav-debuginfo-0.98.5-6.1
  - clamav-debugsource-0.98.5-6.1
  - clamav-0.98.5-6.1
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
  - clamav-debuginfo-0.98.5-6.1
  - clamav-debugsource-0.98.5-6.1
  - clamav-0.98.5-6.1
- SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
  - clamav-debuginfo-0.98.5-6.1
  - clamav-debugsource-0.98.5-6.1
  - clamav-0.98.5-6.1
References:
- https://www.suse.com/security/cve/CVE-2013-6497.html
- https://www.suse.com/security/cve/CVE-2014-9050.html
- https://bugzilla.suse.com/show_bug.cgi?id=903489
- https://bugzilla.suse.com/show_bug.cgi?id=903719
- https://bugzilla.suse.com/show_bug.cgi?id=904207
- https://bugzilla.suse.com/show_bug.cgi?id=906077
- https://bugzilla.suse.com/show_bug.cgi?id=906770
- https://bugzilla.suse.com/show_bug.cgi?id=908731
- https://bugzilla.suse.com/show_bug.cgi?id=914505