clamav-0.103.6-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12047 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z clamav-0.103.6-1.1 on GA media These are all security issues fixed in the clamav-0.103.6-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12047 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12047 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-20770/ SUSE CVE CVE-2022-20770 page https://www.suse.com/security/cve/CVE-2022-20771/ SUSE CVE CVE-2022-20771 page https://www.suse.com/security/cve/CVE-2022-20785/ SUSE CVE CVE-2022-20785 page https://www.suse.com/security/cve/CVE-2022-20792/ SUSE CVE CVE-2022-20792 page https://www.suse.com/security/cve/CVE-2022-20796/ SUSE CVE CVE-2022-20796 page openSUSE Tumbleweed clamav-0.103.6-1.1 clamav-devel-0.103.6-1.1 clamav-milter-0.103.6-1.1 libclamav9-0.103.6-1.1 libfreshclam2-0.103.6-1.1 clamav-0.103.6-1.1 as a component of openSUSE Tumbleweed clamav-devel-0.103.6-1.1 as a component of openSUSE Tumbleweed clamav-milter-0.103.6-1.1 as a component of openSUSE Tumbleweed libclamav9-0.103.6-1.1 as a component of openSUSE Tumbleweed libfreshclam2-0.103.6-1.1 as a component of openSUSE Tumbleweed On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. CVE-2022-20770 openSUSE Tumbleweed:clamav-0.103.6-1.1 openSUSE Tumbleweed:clamav-devel-0.103.6-1.1 openSUSE Tumbleweed:clamav-milter-0.103.6-1.1 openSUSE Tumbleweed:libclamav9-0.103.6-1.1 openSUSE Tumbleweed:libfreshclam2-0.103.6-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-20770.html CVE-2022-20770 https://bugzilla.suse.com/1199242 SUSE Bug 1199242 On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. CVE-2022-20771 openSUSE Tumbleweed:clamav-0.103.6-1.1 openSUSE Tumbleweed:clamav-devel-0.103.6-1.1 openSUSE Tumbleweed:clamav-milter-0.103.6-1.1 openSUSE Tumbleweed:libclamav9-0.103.6-1.1 openSUSE Tumbleweed:libfreshclam2-0.103.6-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-20771.html CVE-2022-20771 https://bugzilla.suse.com/1199244 SUSE Bug 1199244 On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. CVE-2022-20785 openSUSE Tumbleweed:clamav-0.103.6-1.1 openSUSE Tumbleweed:clamav-devel-0.103.6-1.1 openSUSE Tumbleweed:clamav-milter-0.103.6-1.1 openSUSE Tumbleweed:libclamav9-0.103.6-1.1 openSUSE Tumbleweed:libfreshclam2-0.103.6-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-20785.html CVE-2022-20785 https://bugzilla.suse.com/1199245 SUSE Bug 1199245 A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overwflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user. CVE-2022-20792 openSUSE Tumbleweed:clamav-0.103.6-1.1 openSUSE Tumbleweed:clamav-devel-0.103.6-1.1 openSUSE Tumbleweed:clamav-milter-0.103.6-1.1 openSUSE Tumbleweed:libclamav9-0.103.6-1.1 openSUSE Tumbleweed:libfreshclam2-0.103.6-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-20792.html CVE-2022-20792 https://bugzilla.suse.com/1199274 SUSE Bug 1199274 On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. CVE-2022-20796 openSUSE Tumbleweed:clamav-0.103.6-1.1 openSUSE Tumbleweed:clamav-devel-0.103.6-1.1 openSUSE Tumbleweed:clamav-milter-0.103.6-1.1 openSUSE Tumbleweed:libclamav9-0.103.6-1.1 openSUSE Tumbleweed:libfreshclam2-0.103.6-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-20796.html CVE-2022-20796 https://bugzilla.suse.com/1199246 SUSE Bug 1199246