Bugzilla – Bug 1103092
ClamAV 0.100.0 is outdated and contains multiple CVEs
Last modified: 2018-09-13 21:27:36 UTC
The latest clamav version for Leap 15.0 is the outdated 0.100.0 and contains multiple critical CVEs:
CVE-2018-0360: HWP integer overflow, infinite loop vulnerability
CVE-2018-0361: ClamAV PDF object length check, unreasonably long time to parse relatively small file
The last one can be used for a heavy Denial-of-Service attack against mailing systems by sending PDF files.
Please provide a hotfix or a regular security update release for clamav.
0.100.1 issues are tracked in bug 1101410 and bug 1101412.
*** This bug has been marked as a duplicate of bug 1101410 ***