Security update for clamav SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:3859-1 Final 1 1 2021-12-01T16:03:03Z current 2021-12-01T16:03:03Z 2021-12-01T16:03:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for clamav This update for clamav fixes the following issues: - CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032). - Update to 0.103.4 (bsc#1192346). - Update to 0.103.3 (bsc#1188284). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2021-3859,SUSE-2021-3859,SUSE-OpenStack-Cloud-8-2021-3859,SUSE-OpenStack-Cloud-9-2021-3859,SUSE-OpenStack-Cloud-Crowbar-8-2021-3859,SUSE-OpenStack-Cloud-Crowbar-9-2021-3859,SUSE-SLE-SAP-12-SP3-2021-3859,SUSE-SLE-SAP-12-SP4-2021-3859,SUSE-SLE-SERVER-12-SP2-BCL-2021-3859,SUSE-SLE-SERVER-12-SP3-2021-3859,SUSE-SLE-SERVER-12-SP3-BCL-2021-3859,SUSE-SLE-SERVER-12-SP4-LTSS-2021-3859 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20213859-1/ Link for SUSE-SU-2021:3859-1 https://lists.suse.com/pipermail/sle-security-updates/2021-December/009804.html E-Mail link for SUSE-SU-2021:3859-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1103032 SUSE Bug 1103032 https://bugzilla.suse.com/1188284 SUSE Bug 1188284 https://bugzilla.suse.com/1192346 SUSE Bug 1192346 https://www.suse.com/security/cve/CVE-2018-14679/ SUSE CVE CVE-2018-14679 page HPE Helion OpenStack 8 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 clamav-0.103.4-33.41.1 clamav-0.103.4-33.41.1 as a component of HPE Helion OpenStack 8 clamav-0.103.4-33.41.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL clamav-0.103.4-33.41.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL clamav-0.103.4-33.41.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS clamav-0.103.4-33.41.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS clamav-0.103.4-33.41.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 clamav-0.103.4-33.41.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 clamav-0.103.4-33.41.1 as a component of SUSE OpenStack Cloud 8 clamav-0.103.4-33.41.1 as a component of SUSE OpenStack Cloud 9 clamav-0.103.4-33.41.1 as a component of SUSE OpenStack Cloud Crowbar 8 clamav-0.103.4-33.41.1 as a component of SUSE OpenStack Cloud Crowbar 9 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). CVE-2018-14679 HPE Helion OpenStack 8:clamav-0.103.4-33.41.1 SUSE Linux Enterprise Server 12 SP2-BCL:clamav-0.103.4-33.41.1 SUSE Linux Enterprise Server 12 SP3-BCL:clamav-0.103.4-33.41.1 SUSE Linux Enterprise Server 12 SP3-LTSS:clamav-0.103.4-33.41.1 SUSE Linux Enterprise Server 12 SP4-LTSS:clamav-0.103.4-33.41.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:clamav-0.103.4-33.41.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:clamav-0.103.4-33.41.1 SUSE OpenStack Cloud 8:clamav-0.103.4-33.41.1 SUSE OpenStack Cloud 9:clamav-0.103.4-33.41.1 SUSE OpenStack Cloud Crowbar 8:clamav-0.103.4-33.41.1 SUSE OpenStack Cloud Crowbar 9:clamav-0.103.4-33.41.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213859-1/ https://www.suse.com/security/cve/CVE-2018-14679.html CVE-2018-14679 https://bugzilla.suse.com/1102922 SUSE Bug 1102922 https://bugzilla.suse.com/1103032 SUSE Bug 1103032 https://bugzilla.suse.com/1103040 SUSE Bug 1103040