{"affected":[{"ecosystem_specific":{"binaries":[{"clamav":"0.100.1-3.3.1","clamav-devel":"0.100.1-3.3.1","libclamav7":"0.100.1-3.3.1","libclammspack0":"0.100.1-3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15","name":"clamav","purl":"pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.100.1-3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for clamav to version 0.100.1 fixes the following issues:\n  \nThe following security vulnerabilities were addressed:\n  \n- CVE-2018-0360: HWP integer overflow, infinite loop vulnerability\n  (bsc#1101410)\n- CVE-2018-0361: PDF object length check, unreasonably long time to parse\n  relatively small file (bsc#1101412)\n- Buffer over-read in unRAR code due to missing max value checks in table\n  initialization\n- Libmspack heap buffer over-read in CHM parser (bsc#1103040)\n- PDF parser bugs\n\nThe following other changes were made:\n\n- Disable YARA support for licensing reasons (bsc#1101654).\n- Add HTTPS support for clamsubmit\n- Fix for DNS resolution for users on IPv4-only machines where IPv6 is not\n  available or is link-local only\n","id":"SUSE-SU-2018:2230-1","modified":"2018-08-07T07:39:11Z","published":"2018-08-07T07:39:11Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20182230-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1101410"},{"type":"REPORT","url":"https://bugzilla.suse.com/1101412"},{"type":"REPORT","url":"https://bugzilla.suse.com/1101654"},{"type":"REPORT","url":"https://bugzilla.suse.com/1103040"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-0360"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-0361"}],"related":["CVE-2018-0360","CVE-2018-0361"],"summary":"Security update for clamav","upstream":["CVE-2018-0360","CVE-2018-0361"]}