Security update for clamav

Announcement ID:	SUSE-SU-2015:0291-1
Rating:	moderate
References:	bsc#915512 bsc#916214 bsc#916215 bsc#916217
Cross-References:	CVE-2014-9328 CVE-2015-1461 CVE-2015-1462 CVE-2015-1463
CVSS scores:
Affected Products:	SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12

An update that solves four vulnerabilities can now be installed.

Description:

clamav was updated to version 0.98.6 to fix four security issues.

These security issues were fixed: - CVE-2015-1462: ClamAV allowed remote attackers to have unspecified impact via a crafted upx packer file, related to a heap out of bounds condition (bnc#916214). - CVE-2015-1463: ClamAV allowed remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an incorrect compiler optimization (bnc#916215). - CVE-2014-9328: ClamAV allowed remote attackers to have unspecified impact via a crafted upack packer file, related to a heap out of bounds condition (bnc#915512). - CVE-2015-1461: ClamAV allowed remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a heap out of bounds condition (bnc#916217).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-75=1
• SUSE Linux Enterprise Server 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-75=1
• SUSE Linux Enterprise Server for SAP Applications 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-75=1

Package List:

• SUSE Linux Enterprise Desktop 12 (x86_64)
  • clamav-debugsource-0.98.6-10.1
  • clamav-debuginfo-0.98.6-10.1
  • clamav-0.98.6-10.1
• SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
  • clamav-debugsource-0.98.6-10.1
  • clamav-debuginfo-0.98.6-10.1
  • clamav-0.98.6-10.1
• SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
  • clamav-debugsource-0.98.6-10.1
  • clamav-debuginfo-0.98.6-10.1
  • clamav-0.98.6-10.1

References:

• https://www.suse.com/security/cve/CVE-2014-9328.html
• https://www.suse.com/security/cve/CVE-2015-1461.html
• https://www.suse.com/security/cve/CVE-2015-1462.html
• https://www.suse.com/security/cve/CVE-2015-1463.html
• https://bugzilla.suse.com/show_bug.cgi?id=915512
• https://bugzilla.suse.com/show_bug.cgi?id=916214
• https://bugzilla.suse.com/show_bug.cgi?id=916215
• https://bugzilla.suse.com/show_bug.cgi?id=916217