openSUSE Recommended Update: Recommended update for clamav ______________________________________________________________________________ Announcement ID: openSUSE-RU-2016:1410-1 Rating: moderate References: #978459 Affected Products: openSUSE 13.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for clamav fixes the following issues: - Update to version 0.99.2 (boo#978459) * 7z: Fix for FolderStartPackStreamIndex array index heck * Print all CDBNAME entries for a zip file when using the -z flag. * Try to minimize the err cleanup path * clamunrar: Notice if unpacking comment failed * Signature manual update. * Use temp var for realloc to prevent pointer loss. * Fix debug VI hex truncation * freshclam: Avoid random data in mirrors.dat. * libclamav: Print raw certificate metadata * freshclam manager check return code of strdup. * Additional suppress IP notification when using proxy * Fix download and verification of *.cld through PrivateMirrors * Suppress IP notification when using proxy * Remove redundant mempool assignment * Divide out dumpcerts output for better readability * Fix dconf and option handling for nocert and dumpcert * Patch by Jim Morris to increase clamd's soft file descriptor to its potential maximum on 64-bit systems * Move libfreshclam config to m4/reorganization. * Adding libfreshclam * Add 'cdb' datafile to sigtools list of datafile types. * NULL pointer check. * malloc() NULL pointer check. * clamscan 'block-macros' option. * Initialize cpio name buffer * Initialize mspack decompression buffers * Prevent memory allocations on used pointers (folder objects) * Prevent memory allocations on used pointers (boolvectors) * Initialize ARJ metadata structures * Change cli_malloc with cli_calloc * Check packSizes prior to dereference * Fixed inconsistent folder state on failure * Pre-check on (*unpackSizes) dereference * Fix on pre-checks on dereferenced array * Pre-checks on dereferenced array size values (not =0) * Adding sanity checks to 7z header parsing * Fixed mew source read issue * Documentation update on targets * Filetype consistency * Move llvm option flag handling to new m4 file * hwp5.x: Fix for streams without names Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2016-645=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): clamav-0.99.2-2.28.1 clamav-debuginfo-0.99.2-2.28.1 clamav-debugsource-0.99.2-2.28.1 References: https://bugzilla.suse.com/978459