openSUSE Recommended Update: Recommended update for clamav ______________________________________________________________________________ Announcement ID: openSUSE-RU-2016:1545-1 Rating: moderate References: #978459 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: ClamAV was updated to version 0.99.2, which brings fixes and enhancements: - Fix 7z's FolderStartPackStreamIndex array index check. - Print all CDBNAME entries for a zip file when using the -z flag. - clamunrar: Notice if unpacking comment failed. - Use temporary variable for realloc to prevent pointer loss. - freshclam: Avoid random data in mirrors.dat. - libclamav: Print raw certificate metadata. - Fix download and verification of *.cld through PrivateMirrors. - Suppress IP notification when using proxy. - Remove redundant mempool assignment. - Divide out dumpcerts output for better readability. - Fix dconf and option handling for nocert and dumpcert. - Increase clamd's soft file descriptor to its potential maximum on 64-bit systems. - Move libfreshclam config to m4/reorganization. - Add 'cdb' datafile to sigtools list of datafile types. - Prevent memory allocations on used pointers. - Check packSizes prior to dereference - Fix inconsistent folder state on failure. - Add sanity checks to 7z header parsing. For a comprehensive list of fixes please refer to the package's change log. This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-701=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): clamav-0.99.2-14.1 clamav-debuginfo-0.99.2-14.1 clamav-debugsource-0.99.2-14.1 References: https://bugzilla.suse.com/978459