Mailinglist Archive: opensuse-security-announce (36 mails)

< Previous Next >
[security-announce] openSUSE-SU-2014:1560-1: important: Security update for clamav
openSUSE Security Update: Security update for clamav

Announcement ID: openSUSE-SU-2014:1560-1
Rating: important
References: #903489 #903719 #904207 #906077 #906770
Cross-References: CVE-2013-6497 CVE-2014-9050
Affected Products:
openSUSE 13.2
openSUSE 13.1
openSUSE 12.3

An update that solves two vulnerabilities and has three
fixes is now available.


clamav was updated to version 0.98.5 to fix two security issues.

These security issues were fixed:
- Segmentation fault when processing certain files (CVE-2013-6497).
- Heap-based buffer overflow when scanning crypted PE files

The following non-security issues were fixed:
- Support for the XDP file format and extracting, decoding, and scanning
PDF files within XDP files.
- Addition of shared library support for LLVM versions 3.1 - 3.5 for the
purpose of just-in-time(JIT) compilation of ClamAV bytecode signatures.
- Enhancements to the clambc command line utility to assist ClamAV
bytecode signature authors by providing introspection into compiled
bytecode programs.
- Resolution of many of the warning messages from ClamAV compilation.
- Improved detection of malicious PE files.
- ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode (bnc#904207).
- Fix server socket setup code in clamd (bnc#903489).
- Change updateclamconf to prefer the state of the old config file even
for commented-out options (bnc#903719).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2014-736

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-736

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-736

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.2 (i586 x86_64):


- openSUSE 13.1 (i586 x86_64):


- openSUSE 12.3 (i586 x86_64):



To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages