File _patchinfo of Package patchinfo.8969
<patchinfo incident="8969"> <issue tracker="bnc" id="1103040">VUL-1: CVE-2018-14679: clamav: libmspack: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There isan off-by-one error in the CHM PMGI/PMGL chunk number validity checks, whichcould lead to denial of service (uninitialized da</issue> <issue tracker="bnc" id="1110723">VUL-0: CVE-2018-15378: clamav: MEW unpacking DoS</issue> <issue tracker="bnc" id="1104457">return code wrong for "freshclam -v" if all is uptodate</issue> <issue tracker="cve" id="2018-14682"/> <issue tracker="cve" id="2018-14681"/> <issue tracker="cve" id="2018-14680"/> <issue tracker="cve" id="2018-15378"/> <category>security</category> <rating>moderate</rating> <packager>rmax</packager> <description>This update for clamav fixes the following issues: clamav was updated to version 0.100.2. Following security issues were fixed: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) Following non-security issues were addressed: - Make freshclam more robust against lagging signature mirrors. - On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457) </description> <summary>Security update for clamav</summary> </patchinfo>
