Security update for clamav SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:0493-1 Final 1 1 2022-02-18T09:38:13Z current 2022-02-18T09:38:13Z 2022-02-18T09:38:13Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for clamav This update for clamav fixes the following issues: - CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. (bsc#1194731) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-493,SUSE-SLE-Module-Basesystem-15-SP3-2022-493,SUSE-SLE-Module-Basesystem-15-SP4-2022-493,SUSE-SLE-Product-HPC-15-2022-493,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-493,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-493,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-493,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-493,SUSE-SLE-Product-RT-15-SP2-2022-493,SUSE-SLE-Product-SLES-15-2022-493,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-493,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-493,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-493,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-493,SUSE-SLE-Product-SLES_SAP-15-2022-493,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-493,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-493,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-493,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-493,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-493,SUSE-Storage-6-2022-493,SUSE-Storage-7-2022-493 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20220493-1/ Link for SUSE-SU-2022:0493-1 https://lists.suse.com/pipermail/sle-security-updates/2022-February/010270.html E-Mail link for SUSE-SU-2022:0493-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1194731 SUSE Bug 1194731 https://www.suse.com/security/cve/CVE-2022-20698/ SUSE CVE CVE-2022-20698 page SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Real Time 15 SP2 SUSE Linux Enterprise Server 15 SP1-BCL SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15 SP2-BCL SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 clamav-0.103.5-3.35.1 clamav-devel-0.103.5-3.35.1 libclamav9-0.103.5-3.35.1 libfreshclam2-0.103.5-3.35.1 clamav-0.103.5-3.35.1 as a component of SUSE Enterprise Storage 6 clamav-devel-0.103.5-3.35.1 as a component of SUSE Enterprise Storage 6 libclamav9-0.103.5-3.35.1 as a component of SUSE Enterprise Storage 6 libfreshclam2-0.103.5-3.35.1 as a component of SUSE Enterprise Storage 6 clamav-0.103.5-3.35.1 as a component of SUSE Enterprise Storage 7 clamav-devel-0.103.5-3.35.1 as a component of SUSE Enterprise Storage 7 libclamav9-0.103.5-3.35.1 as a component of SUSE Enterprise Storage 7 libfreshclam2-0.103.5-3.35.1 as a component of SUSE Enterprise Storage 7 clamav-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS clamav-devel-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS libclamav9-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS libfreshclam2-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS clamav-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS clamav-devel-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libclamav9-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libfreshclam2-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS clamav-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS clamav-devel-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS libclamav9-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS libfreshclam2-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS clamav-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS clamav-devel-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libclamav9-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libfreshclam2-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS clamav-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS clamav-devel-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS libclamav9-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS libfreshclam2-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS clamav-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS clamav-devel-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS libclamav9-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS libfreshclam2-0.103.5-3.35.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS clamav-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 clamav-devel-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 libclamav9-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 libfreshclam2-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 clamav-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Real Time 15 SP2 clamav-devel-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Real Time 15 SP2 libclamav9-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Real Time 15 SP2 libfreshclam2-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Real Time 15 SP2 clamav-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL clamav-devel-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL libclamav9-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL libfreshclam2-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL clamav-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS clamav-devel-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libclamav9-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libfreshclam2-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS clamav-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15 SP2-BCL clamav-devel-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15 SP2-BCL libclamav9-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15 SP2-BCL libfreshclam2-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15 SP2-BCL clamav-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS clamav-devel-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS libclamav9-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS libfreshclam2-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS clamav-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15-LTSS clamav-devel-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15-LTSS libclamav9-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15-LTSS libfreshclam2-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server 15-LTSS clamav-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 clamav-devel-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 libclamav9-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 libfreshclam2-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 clamav-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 clamav-devel-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 libclamav9-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 libfreshclam2-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 clamav-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 clamav-devel-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 libclamav9-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 libfreshclam2-0.103.5-3.35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 clamav-0.103.5-3.35.1 as a component of SUSE Manager Proxy 4.1 clamav-devel-0.103.5-3.35.1 as a component of SUSE Manager Proxy 4.1 libclamav9-0.103.5-3.35.1 as a component of SUSE Manager Proxy 4.1 libfreshclam2-0.103.5-3.35.1 as a component of SUSE Manager Proxy 4.1 clamav-0.103.5-3.35.1 as a component of SUSE Manager Retail Branch Server 4.1 clamav-devel-0.103.5-3.35.1 as a component of SUSE Manager Retail Branch Server 4.1 libclamav9-0.103.5-3.35.1 as a component of SUSE Manager Retail Branch Server 4.1 libfreshclam2-0.103.5-3.35.1 as a component of SUSE Manager Retail Branch Server 4.1 clamav-0.103.5-3.35.1 as a component of SUSE Manager Server 4.1 clamav-devel-0.103.5-3.35.1 as a component of SUSE Manager Server 4.1 libclamav9-0.103.5-3.35.1 as a component of SUSE Manager Server 4.1 libfreshclam2-0.103.5-3.35.1 as a component of SUSE Manager Server 4.1 A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. CVE-2022-20698 SUSE Enterprise Storage 6:clamav-0.103.5-3.35.1 SUSE Enterprise Storage 6:clamav-devel-0.103.5-3.35.1 SUSE Enterprise Storage 6:libclamav9-0.103.5-3.35.1 SUSE Enterprise Storage 6:libfreshclam2-0.103.5-3.35.1 SUSE Enterprise Storage 7:clamav-0.103.5-3.35.1 SUSE Enterprise Storage 7:clamav-devel-0.103.5-3.35.1 SUSE Enterprise Storage 7:libclamav9-0.103.5-3.35.1 SUSE Enterprise Storage 7:libfreshclam2-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:clamav-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:clamav-devel-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libclamav9-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libfreshclam2-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:clamav-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:clamav-devel-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libclamav9-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libfreshclam2-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:clamav-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:clamav-devel-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libclamav9-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libfreshclam2-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:clamav-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:clamav-devel-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libclamav9-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libfreshclam2-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:clamav-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:clamav-devel-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libclamav9-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libfreshclam2-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:clamav-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:clamav-devel-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libclamav9-0.103.5-3.35.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libfreshclam2-0.103.5-3.35.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:clamav-0.103.5-3.35.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:clamav-devel-0.103.5-3.35.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:libclamav9-0.103.5-3.35.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:libfreshclam2-0.103.5-3.35.1 SUSE Linux Enterprise Real Time 15 SP2:clamav-0.103.5-3.35.1 SUSE Linux Enterprise Real Time 15 SP2:clamav-devel-0.103.5-3.35.1 SUSE Linux Enterprise Real Time 15 SP2:libclamav9-0.103.5-3.35.1 SUSE Linux Enterprise Real Time 15 SP2:libfreshclam2-0.103.5-3.35.1 SUSE Linux Enterprise Server 15 SP1-BCL:clamav-0.103.5-3.35.1 SUSE Linux Enterprise Server 15 SP1-BCL:clamav-devel-0.103.5-3.35.1 SUSE Linux Enterprise Server 15 SP1-BCL:libclamav9-0.103.5-3.35.1 SUSE Linux Enterprise Server 15 SP1-BCL:libfreshclam2-0.103.5-3.35.1 SUSE Linux Enterprise Server 15 SP1-LTSS:clamav-0.103.5-3.35.1 SUSE Linux Enterprise Server 15 SP1-LTSS:clamav-devel-0.103.5-3.35.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libclamav9-0.103.5-3.35.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libfreshclam2-0.103.5-3.35.1 SUSE Linux Enterprise Server 15 SP2-BCL:clamav-0.103.5-3.35.1 SUSE Linux Enterprise Server 15 SP2-BCL:clamav-devel-0.103.5-3.35.1 SUSE Linux Enterprise Server 15 SP2-BCL:libclamav9-0.103.5-3.35.1 SUSE Linux Enterprise Server 15 SP2-BCL:libfreshclam2-0.103.5-3.35.1 SUSE Linux Enterprise Server 15 SP2-LTSS:clamav-0.103.5-3.35.1 SUSE Linux Enterprise Server 15 SP2-LTSS:clamav-devel-0.103.5-3.35.1 SUSE Linux Enterprise Server 15 SP2-LTSS:libclamav9-0.103.5-3.35.1 SUSE Linux Enterprise Server 15 SP2-LTSS:libfreshclam2-0.103.5-3.35.1 SUSE Linux Enterprise Server 15-LTSS:clamav-0.103.5-3.35.1 SUSE Linux Enterprise Server 15-LTSS:clamav-devel-0.103.5-3.35.1 SUSE Linux Enterprise Server 15-LTSS:libclamav9-0.103.5-3.35.1 SUSE Linux Enterprise Server 15-LTSS:libfreshclam2-0.103.5-3.35.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:clamav-0.103.5-3.35.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:clamav-devel-0.103.5-3.35.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libclamav9-0.103.5-3.35.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libfreshclam2-0.103.5-3.35.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:clamav-0.103.5-3.35.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:clamav-devel-0.103.5-3.35.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:libclamav9-0.103.5-3.35.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:libfreshclam2-0.103.5-3.35.1 SUSE Linux Enterprise Server for SAP Applications 15:clamav-0.103.5-3.35.1 SUSE Linux Enterprise Server for SAP Applications 15:clamav-devel-0.103.5-3.35.1 SUSE Linux Enterprise Server for SAP Applications 15:libclamav9-0.103.5-3.35.1 SUSE Linux Enterprise Server for SAP Applications 15:libfreshclam2-0.103.5-3.35.1 SUSE Manager Proxy 4.1:clamav-0.103.5-3.35.1 SUSE Manager Proxy 4.1:clamav-devel-0.103.5-3.35.1 SUSE Manager Proxy 4.1:libclamav9-0.103.5-3.35.1 SUSE Manager Proxy 4.1:libfreshclam2-0.103.5-3.35.1 SUSE Manager Retail Branch Server 4.1:clamav-0.103.5-3.35.1 SUSE Manager Retail Branch Server 4.1:clamav-devel-0.103.5-3.35.1 SUSE Manager Retail Branch Server 4.1:libclamav9-0.103.5-3.35.1 SUSE Manager Retail Branch Server 4.1:libfreshclam2-0.103.5-3.35.1 SUSE Manager Server 4.1:clamav-0.103.5-3.35.1 SUSE Manager Server 4.1:clamav-devel-0.103.5-3.35.1 SUSE Manager Server 4.1:libclamav9-0.103.5-3.35.1 SUSE Manager Server 4.1:libfreshclam2-0.103.5-3.35.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220493-1/ https://www.suse.com/security/cve/CVE-2022-20698.html CVE-2022-20698 https://bugzilla.suse.com/1194731 SUSE Bug 1194731