Security update for clamav

Announcement ID:	SUSE-SU-2015:0188-1
Rating:	moderate
References:	bsc#903489 bsc#903719 bsc#904207 bsc#906077 bsc#906770 bsc#908731 bsc#914505
Cross-References:	CVE-2013-6497 CVE-2014-9050
CVSS scores:
Affected Products:	SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12

An update that solves two vulnerabilities and has five security fixes can now be installed.

Description:

Clamav was updated to version 0.98.5:

• Support for the XDP file format and extracting, decoding, and scanning PDF files within XDP files.

• Addition of shared library support for LLVM versions 3.1 - 3.5 for the purpose of just-in-time(JIT) compilation of ClamAV bytecode signatures.

• Enhancements to the clambc command line utility to assist ClamAV bytecode signature authors by providing introspection into compiled bytecode programs.
• Resolution of many of the warning messages from ClamAV compilation.
• Improved detection of malicious PE files (bnc#906770, CVE-2014-9050)
• Security fix for ClamAV crash when using 'clamscan -a'.
• Security fix for ClamAV crash when scanning maliciously crafted yoda's crypter files (bnc#906077, CVE-2013-6497).
• ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode (bnc#904207).

• Fix server socket setup code in clamd (bnc#903489).

• Change updateclamconf to prefer the state of the old config file even for commented-out options (bnc#903719) (bnc#908731).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-49=1
• SUSE Linux Enterprise Server 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-49=1
• SUSE Linux Enterprise Server for SAP Applications 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-49=1

Package List:

• SUSE Linux Enterprise Desktop 12 (x86_64)
  • clamav-debuginfo-0.98.5-6.1
  • clamav-debugsource-0.98.5-6.1
  • clamav-0.98.5-6.1
• SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
  • clamav-debuginfo-0.98.5-6.1
  • clamav-debugsource-0.98.5-6.1
  • clamav-0.98.5-6.1
• SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
  • clamav-debuginfo-0.98.5-6.1
  • clamav-debugsource-0.98.5-6.1
  • clamav-0.98.5-6.1

References:

• https://www.suse.com/security/cve/CVE-2013-6497.html
• https://www.suse.com/security/cve/CVE-2014-9050.html
• https://bugzilla.suse.com/show_bug.cgi?id=903489
• https://bugzilla.suse.com/show_bug.cgi?id=903719
• https://bugzilla.suse.com/show_bug.cgi?id=904207
• https://bugzilla.suse.com/show_bug.cgi?id=906077
• https://bugzilla.suse.com/show_bug.cgi?id=906770
• https://bugzilla.suse.com/show_bug.cgi?id=908731
• https://bugzilla.suse.com/show_bug.cgi?id=914505