openSUSE Security Update: Security update for clamav
______________________________________________________________________________
Announcement ID:    openSUSE-SU-2014:1679-1
Rating:             important
References:         #903489 #904207 #906077 
Cross-References:   CVE-2013-6497
Affected Products:
                    openSUSE Evergreen 11.4
______________________________________________________________________________
   An update that solves one vulnerability and has two fixes
   is now available.
Description:
   clamav was updated to version 0.98.5 to fix two security issues.
   These security issues were fixed:
   – Segmentation fault when processing certain files (CVE-2013-6497).
   – Heap-based buffer overflow when scanning crypted PE files
     (CVE-2014-9050).
   The following non-security issues were fixed:
   – Support for the XDP file format and extracting, decoding, and scanning
     PDF files within XDP files.
   – Addition of shared library support for LLVM versions 3.1 – 3.5 for the
     purpose of just-in-time (JIT) compilation of ClamAV bytecode signatures.
   – Enhancements to the clambc command line utility to assist ClamAV
     bytecode signature authors by providing introspection into compiled
     bytecode programs.
   – Resolution of many of the warning messages from ClamAV compilation.
   – Improved detection of malicious PE files.
   – ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode (bnc#904207).
   – Fix server socket setup code in clamd (bnc#903489).
Patch Instructions:
   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:
– openSUSE Evergreen 11.4:
      zypper in -t patch 2014-94
   To bring your system up-to-date, use "zypper patch".
Package List:
– openSUSE Evergreen 11.4 (i586 x86_64):
      clamav-0.98.5-37.1
      clamav-debuginfo-0.98.5-37.1
      clamav-debugsource-0.98.5-37.1
– openSUSE Evergreen 11.4 (noarch):
      clamav-db-0.98.5-37.1
References:
   http://support.novell.com/security/cve/CVE-2013-6497.html
   https://bugzilla.suse.com/show_bug.cgi?id=903489
   https://bugzilla.suse.com/show_bug.cgi?id=904207
   https://bugzilla.suse.com/show_bug.cgi?id=906077



