You are here
Home > Preporuke > Sigurnosni propusti programskog paketa clamav

Sigurnosni propusti programskog paketa clamav

  • Detalji os-a: LSU
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LSU

openSUSE Security Update: Security update for clamav

Announcement ID: openSUSE-SU-2014:1679-1
Rating: important
References: #903489 #904207 #906077
Cross-References: CVE-2013-6497
Affected Products:
openSUSE Evergreen 11.4

An update that solves one vulnerability and has two fixes
is now available.


clamav was updated to version 0.98.5 to fix two security issues.

These security issues were fixed:
– Segmentation fault when processing certain files (CVE-2013-6497).
– Heap-based buffer overflow when scanning crypted PE files

The following non-security issues were fixed:
– Support for the XDP file format and extracting, decoding, and scanning
PDF files within XDP files.
– Addition of shared library support for LLVM versions 3.1 – 3.5 for the
purpose of just-in-time(JIT) compilation of ClamAV bytecode signatures.
– Enhancements to the clambc command line utility to assist ClamAV
bytecode signature authors by providing introspection into compiled
bytecode programs.
– Resolution of many of the warning messages from ClamAV compilation.
– Improved detection of malicious PE files.
– ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode (bnc#904207).
– Fix server socket setup code in clamd (bnc#903489).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Evergreen 11.4:

zypper in -t patch 2014-94

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Evergreen 11.4 (i586 x86_64):


– openSUSE Evergreen 11.4 (noarch):



To unsubscribe, e-mail:
For additional commands, e-mail:

AutorTomislav Protega
Cert idNCERT-REF-2014-12-0013-ADV
CveCVE-2013-6497 CVE-2014-9050
ID izvornikaopenSUSE-SU-2014:1679-1
ProizvodSecurity update for clamav
More in Preporuke
Ranjivosti programskog paketa ntp

Otkrivene su dvije ranjivosti programskog paketa ntp za openSUSE. Prva ranjivost posljedica je višestrukih prepisivanja spremnika stoga, što je udaljenim...