Bug 1103091 - ClamAV 0.99.4 is outdated and contains multiple CVEs
Status: RESOLVED DUPLICATE of bug 1101410
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Leap 42.3
All All
P5 - None : Critical
Assigned To: Security Team bot
Reported: 2018-07-30 12:14 UTC by Igor Drobot
Modified: 2018-09-13 21:27 UTC (History)


Description Igor Drobot 2018-07-30 12:14:14 UTC
The latest clamav version for Leap 42.3 is still in version 0.99.4 and contains multiple critical CVEs:
CVE-2018-0360: HWP integer overflow, infinite loop vulnerability
CVE-2018-0361: ClamAV PDF object length check, unreasonably long time to parse relatively small file

The last one can be used for a heavy Denial-of-Service attack against mailing systems by sending PDF files.

Please provide a hotfix or a regular security update release for clamav.

Further Information:
Comment 1 Marcus Meissner 2018-07-30 12:35:47 UTC
It is already 0.100.0.

Next update will come.
Comment 2 Marcus Meissner 2018-07-30 12:37:48 UTC
0.100.1 issues are tracked in bug 1101410 and bug 1101412.

*** This bug has been marked as a duplicate of bug 1101410 ***