SuSE Local Security Checks : openSUSE: Security Advisory for clamav (openSUSE-SU-2018:3315-1)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.852069

Categoría: SuSE Local Security Checks

Título: openSUSE: Security Advisory for clamav (openSUSE-SU-2018:3315-1)

Resumen: The remote host is missing an update for the 'clamav'; package(s) announced via the openSUSE-SU-2018:3315-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'clamav'
package(s) announced via the openSUSE-SU-2018:3315-1 advisory.

Vulnerability Insight:
This update for clamav fixes the following issues:

clamav was updated to version 0.100.2.

The following security issues were fixed:

- CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that
could allow an unauthenticated, remote attacker to cause a denial of
service (DoS) condition on an affected device. (bsc#1110723)

- CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded
libmspack. (bsc#1103040)

The following non-security issues were addressed:

- Make freshclam more robust against lagging signature mirrors.

- On-Access 'Extra Scanning', an opt-in minor feature of OnAccess scanning
on Linux systems, has been disabled due to a known issue with resource
cleanup OnAccessExtraScanning will be re-enabled in a future release
when the issue is resolved. In the mean-time, users who enabled the
feature in clamd.conf will see a warning informing them that the feature
is not active.

- Restore exit code compatibility of freshclam with versions before
0.100.0 when the virus database is already up to date (bsc#1104457)

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1227=1

Affected Software/OS:
clamav on openSUSE Leap 15.0.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-14680
Common Vulnerability Exposure (CVE) ID: CVE-2018-14681
Common Vulnerability Exposure (CVE) ID: CVE-2018-14682
Common Vulnerability Exposure (CVE) ID: CVE-2018-15378

Copyright Copyright (C) 2018 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.852069
Categoría:	SuSE Local Security Checks
Título:	openSUSE: Security Advisory for clamav (openSUSE-SU-2018:3315-1)
Resumen:	The remote host is missing an update for the 'clamav'; package(s) announced via the openSUSE-SU-2018:3315-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'clamav' package(s) announced via the openSUSE-SU-2018:3315-1 advisory. Vulnerability Insight: This update for clamav fixes the following issues: clamav was updated to version 0.100.2. The following security issues were fixed: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) The following non-security issues were addressed: - Make freshclam more robust against lagging signature mirrors. - On-Access 'Extra Scanning', an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457) This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2018-1227=1 Affected Software/OS: clamav on openSUSE Leap 15.0. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-14680 Common Vulnerability Exposure (CVE) ID: CVE-2018-14681 Common Vulnerability Exposure (CVE) ID: CVE-2018-14682 Common Vulnerability Exposure (CVE) ID: CVE-2018-15378
Copyright	Copyright (C) 2018 Greenbone Networks GmbH