{"affected":[{"ecosystem_specific":{"binaries":[{"clamav":"0.98.7-13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12","name":"clamav","purl":"pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Desktop%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.98.7-13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"clamav":"0.98.7-13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12","name":"clamav","purl":"pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.98.7-13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"clamav":"0.98.7-13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","name":"clamav","purl":"pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.98.7-13.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"The ClamAV antivirus engine was updated to version 0.98.7 to fix several security and non security issues.\n\nThe following vulnerabilities were fixed (bsc#929192):\n* CVE-2015-2170: Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian Andrzej Siewior.\n* CVE-2015-2221: Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior.\n* CVE-2015-2222: Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior.\n* CVE-2015-2668: Fix an infinite loop condition on a crafted 'xz' archive file. This was reported by Dimitri Kirchner and Goulven Guiheux.\n* CVE-2015-2305: Apply upstream patch for possible heap overflow in Henry Spencer's regex library.\n","id":"SUSE-SU-2015:0882-2","modified":"2015-05-11T07:27:32Z","published":"2015-05-11T07:27:32Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20150882-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/929192"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-2170"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-2221"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-2222"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-2305"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-2668"}],"related":["CVE-2015-2170","CVE-2015-2221","CVE-2015-2222","CVE-2015-2305","CVE-2015-2668"],"summary":"Security update for clamav","upstream":["CVE-2015-2170","CVE-2015-2221","CVE-2015-2222","CVE-2015-2305","CVE-2015-2668"]}