Security update for clamav
This update for clamav fixes the following issues:
Security issues fixed:
- CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315).
- CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449).
- CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423).
- CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858).
- CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915).
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Reinhard Max (rmax)
Fixed bugs
bnc#1045315
VUL-0: CVE-2012-6706: unrar: VMSF_DELTA filter allows arbitrary memory write
bnc#1052449
VUL-0: CVE-2017-6419: clamav: mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allowsremote attackers to cause a denial of service (heap-based bufferoverflow and application crash) or possibly have unspecified otherimpact v
bnc#1049423
VUL-0: CVE-2017-11423: clamav: The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used inClamAV 0.99.2, allows remote attackers to cause a denial of service
bnc#1082858
VUL-0: CVE-2018-1000085: clamav: Out-of-bounds heap read in XAR parser
bnc#1083915
VUL-0: clamav: 0.99.4 release
