{"affected":[{"ecosystem_specific":{"binaries":[{"clamav":"0.100.2-33.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"clamav","purl":"pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.100.2-33.18.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for clamav fixes the following issues:\n\nclamav was updated to version 0.100.2:\n\n- CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that\n  could allow an unauthenticated, remote attacker to cause a denial of\n  service (DoS) condition on an affected device. (bsc#1110723)\n- CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded\n  libmspack. (bsc#1103040)\n\n- Make freshclam more robust against lagging signature mirrors.\n- On-Access 'Extra Scanning', an opt-in minor feature of\n  OnAccess scanning on Linux systems, has been disabled due to a\n  known issue with resource cleanup OnAccessExtraScanning will\n  be re-enabled in a future release when the issue is\n  resolved. In the mean-time, users who enabled the feature in\n  clamd.conf will see a warning informing them that the feature\n  is not active. For details, see:\n  https://bugzilla.clamav.net/show_bug.cgi?id=12048\n\n- Restore exit code compatibility of freshclam with versions before\n  0.100.0 when the virus database is already up to date\n  (bsc#1104457).\n","id":"SUSE-SU-2018:3436-2","modified":"2019-04-27T14:50:55Z","published":"2019-04-27T14:50:55Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20183436-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1103040"},{"type":"REPORT","url":"https://bugzilla.suse.com/1104457"},{"type":"REPORT","url":"https://bugzilla.suse.com/1110723"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-14680"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-14681"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-14682"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-15378"}],"related":["CVE-2018-14680","CVE-2018-14681","CVE-2018-14682","CVE-2018-15378"],"summary":"Security update for clamav","upstream":["CVE-2018-14680","CVE-2018-14681","CVE-2018-14682","CVE-2018-15378"]}