{"affected":[{"ecosystem_specific":{"binaries":[{"clamav":"0.100.1-33.15.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-BCL","name":"clamav","purl":"pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.100.1-33.15.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for clamav to version 0.100.1 fixes the following issues:\n  \nThe following security vulnerabilities were addressed:\n  \n- CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410)\n- CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412)\n- CVE-2018-1000085: Fixed a out-of-bounds heap read in XAR parser (bsc#1082858)\n- CVE-2018-14679: Libmspack heap buffer over-read in CHM parser (bsc#1103040)\n- Buffer over-read in unRAR code due to missing max value checks in table initialization\n- PDF parser bugs\n\nThe following other changes were made:\n\n- Disable YARA support for licensing reasons (bsc#1101654).\n- Add HTTPS support for clamsubmit\n- Fix for DNS resolution for users on IPv4-only machines where IPv6 is not\n  available or is link-local only\n","id":"SUSE-SU-2018:2323-2","modified":"2018-10-18T12:48:43Z","published":"2018-10-18T12:48:43Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20182323-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1082858"},{"type":"REPORT","url":"https://bugzilla.suse.com/1101410"},{"type":"REPORT","url":"https://bugzilla.suse.com/1101412"},{"type":"REPORT","url":"https://bugzilla.suse.com/1101654"},{"type":"REPORT","url":"https://bugzilla.suse.com/1103040"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-0360"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-0361"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1000085"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-14679"}],"related":["CVE-2018-0360","CVE-2018-0361","CVE-2018-1000085","CVE-2018-14679"],"summary":"Security update for clamav","upstream":["CVE-2018-0360","CVE-2018-0361","CVE-2018-1000085","CVE-2018-14679"]}