Bugzilla – Bug 1103091
ClamAV 0.99.4 is outdated and contains multiple CVEs
Last modified: 2018-09-13 21:27:29 UTC
The latest clamav version for Leap 42.3 is still in version 0.99.4 and contains multiple critical CVEs:
CVE-2018-0360: HWP integer overflow, infinite loop vulnerability
CVE-2018-0361: ClamAV PDF object length check, unreasonably long time to parse relatively small file
The last one can be used for a heavy Denial-of-Service attack against mailing systems by sending PDF files.
Please provide a hotfix or a regular security update release for clamav.
It is already 0.100.0.
The next update will come.
0.100.1 issues are tracked in bug 1101410 and bug 1101412.
*** This bug has been marked as a duplicate of bug 1101410 ***