SB2018081715 - OpenSUSE Linux update for clamav
Published: August 17, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Integer overflow (CVE-ID: CVE-2018-0360)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to integer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted file, trigger an infinite loop and cause the service to crash.
2) Improper input validation (CVE-ID: CVE-2018-0361)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to a flaw when handling malicious input. A remote attacker can trick the victim into opening a specially crafted file, trigger a PDF object length check error and cause the service to crash.
3) Out-of-bounds read (CVE-ID: CVE-2018-1000085)
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.The weakness exists in the xar_hash_check() function due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted XAR file, trick the victim into opening it, trigger out-of-bounds heap memory read and cause the service to crash.
4) Stack-based buffer overflow (CVE-ID: CVE-2018-14679)
The vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists due to stack-based buffer overflow the read_chunk function, as defined in the mspack/chmd.c source code file. A local attacker can send a specially crafted request that submits malicious input, trigger memory corruption and cause the service to crash.
Remediation
Install update from vendor's website.