ALT Linux Team

Branch p7 update on 2018-10-23

2018-10-23

ALT-BU-2018-3527-1

Branch p7 update bulletin.

ALT-PU-2018-2530-1

Package clamav updated to version 0.100.2-alt0.M70P.1 for branch p7 in task 215329.

Closed vulnerabilities

Published: 2017-11-26

BDU:2020-01873

Уязвимость функции kwajd_read_headers библиотеки Libmspack и утилиты разархивации CAB-файлов СabExtract, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (9.3) Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
References:
Published: 2019-11-06
Modified: 2024-11-21

CVE-2007-0899

There is a possible heap overflow in libclamav/fsg.c before 0.100.0.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2018-07-16
Modified: 2024-11-21

CVE-2018-0360

ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2018-07-16
Modified: 2024-11-21

CVE-2018-0361

ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: LOW (3.3) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
References:
Published: 2018-07-28
Modified: 2024-11-21

CVE-2018-14680

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2018-07-28
Modified: 2024-11-21

CVE-2018-14681

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2018-07-28
Modified: 2024-11-21

CVE-2018-14682

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2018-10-15
Modified: 2024-11-21

CVE-2018-15378

A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:

Closed bugs

Bug #35096

Обновить clamav

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top