Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.850622 |
Kategorie: | SuSE Local Security Checks |
Titel: | openSUSE: Security Advisory for clamav (openSUSE-SU-2014:1560-1) |
Zusammenfassung: | The remote host is missing an update for the 'clamav'; package(s) announced via the referenced advisory. |
Beschreibung: | Summary: The remote host is missing an update for the 'clamav' package(s) announced via the referenced advisory. Vulnerability Insight: clamav was updated to version 0.98.5 to fix two security issues. These security issues were fixed: - Segmentation fault when processing certain files (CVE-2013-6497). - Heap-based buffer overflow when scanning encrypted PE files (CVE-2014-9050). The following non-security issues were fixed: - Support for the XDP file format and extracting, decoding, and scanning PDF files within XDP files. - Addition of shared library support for LLVM versions 3.1 - 3.5 for the purpose of just-in-time(JIT) compilation of ClamAV bytecode signatures. - Enhancements to the clambc command line utility to assist ClamAV bytecode signature authors by providing introspection into compiled bytecode programs. - Resolution of many of the warning messages from ClamAV compilation. - Improved detection of malicious PE files. - ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode (bnc#904207). - Fix server socket setup code in clamd (bnc#903489). - Change updateclamconf to prefer the state of the old config file even for commented-out options (bnc#903719). Affected Software/OS: clamav on openSUSE 13.1, openSUSE 12.3 Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-6497 BugTraq ID: 71178 http://www.securityfocus.com/bid/71178 http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144979.html http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144754.html http://www.mandriva.com/security/advisories?name=MDVSA-2014:217 http://www.openwall.com/lists/oss-security/2014/11/19/2 http://www.openwall.com/lists/oss-security/2014/11/19/5 http://secunia.com/advisories/59645 http://secunia.com/advisories/60150 SuSE Security Announcement: SUSE-SU-2014:1571 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html SuSE Security Announcement: SUSE-SU-2014:1574 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00007.html SuSE Security Announcement: openSUSE-SU-2014:1560 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00003.html http://www.ubuntu.com/usn/USN-2423-1 http://www.ubuntu.com/usn/USN-2488-2 XForce ISS Database: clamv-cve20136497os(98804) https://exchange.xforce.ibmcloud.com/vulnerabilities/98804 Common Vulnerability Exposure (CVE) ID: CVE-2014-9050 BugTraq ID: 71242 http://www.securityfocus.com/bid/71242 http://www.openwall.com/lists/oss-security/2014/11/22/1 http://www.securitytracker.com/id/1031268 http://secunia.com/advisories/62542 |
Copyright | Copyright (C) 2014 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |