File _patchinfo of Package patchinfo.6836

<patchinfo incident="6836">
  <issue id="1045315" tracker="bnc">VUL-0: CVE-2012-6706: unrar: VMSF_DELTA filter allows arbitrary memory write</issue>
  <issue id="1052449" tracker="bnc">VUL-0: CVE-2017-6419: clamav: mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allowsremote attackers to cause a denial of service (heap-based bufferoverflow and application crash) or possibly have unspecified otherimpact v</issue>
  <issue id="1049423" tracker="bnc">VUL-0: CVE-2017-11423: clamav: The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used inClamAV 0.99.2, allows remote attackers to cause a denial of service</issue>
  <issue id="1082858" tracker="bnc">VUL-0: CVE-2018-1000085: clamav: Out-of-bounds heap read in XAR parser</issue>
  <issue id="1083915" tracker="bnc">VUL-0: clamav: 0.99.4 release</issue>
  <issue id="2017-11423" tracker="cve" />
  <issue id="2017-6419" tracker="cve" />
  <issue id="2018-1000085" tracker="cve" />
  <issue id="2012-6706" tracker="cve" />
  <issue id="2018-0202" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>rmax</packager>
  <description>This update for clamav fixes the following issues:

Security issues fixed:

- CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315).
- CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449).
- CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423).
- CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858).
- CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915).
</description>
  <summary>Security update for clamav</summary>
</patchinfo>