suse-su-2025:0328-1
Vulnerability from csaf_suse
Published
2025-02-03 09:39
Modified
2025-02-03 09:39
Summary
Security update for clamav
Notes
Title of the patch
Security update for clamav
Description of the patch
This update for clamav fixes the following issues:
New version 1.4.2:
* CVE-2025-20128, bsc#1236307: Fixed a possible buffer overflow
read bug in the OLE2 file parser that could cause a
denial-of-service (DoS) condition.
- Start clamonacc with --fdpass to avoid errors due to
clamd not being able to access user files. (bsc#1232242)
- New version 1.4.1:
* https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
- New version 1.4.0:
* Added support for extracting ALZ archives.
* Added support for extracting LHA/LZH archives.
* Added the ability to disable image fuzzy hashing, if needed.
For context, image fuzzy hashing is a detection mechanism
useful for identifying malware by matching images included with
the malware or phishing email/document.
* https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
- New version 1.3.2:
* CVE-2024-20506: Changed the logging module to disable following
symlinks on Linux and Unix systems so as to prevent an attacker
with existing access to the 'clamd' or 'freshclam' services from
using a symlink to corrupt system files.
* CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF
file parser that could cause a denial-of-service condition.
* Removed unused Python modules from freshclam tests including
deprecated 'cgi' module that is expected to cause test failures in
Python 3.13.
* Fix unit test caused by expiring signing certificate.
* Fixed a build issue on Windows with newer versions of Rust. Also
upgraded GitHub Actions imports to fix CI failures.
* Fixed an unaligned pointer dereference issue on select architectures.
* Fixes to Jenkins CI pipeline.
- New Version: 1.3.1:
* CVE-2024-20380: Fixed a possible crash in the HTML file parser
that could cause a denial-of-service (DoS) condition.
* Updated select Rust dependencies to the latest versions.
* Fixed a bug causing some text to be truncated when converting
from UTF-16.
* Fixed assorted complaints identified by Coverity static
analysis.
* Fixed a bug causing CVDs downloaded by the DatabaseCustomURL
* Added the new 'valhalla' database name to the list of optional
databases in preparation for future work.
- New version: 1.3.0:
* Added support for extracting and scanning attachments found in
Microsoft OneNote section files. OneNote parsing will be
enabled by default, but may be optionally disabled.
* Added file type recognition for compiled Python ('.pyc') files.
* Improved support for decrypting PDFs with empty passwords.
* Fixed a warning when scanning some HTML files.
* ClamOnAcc: Fixed an infinite loop when a watched directory
does not exist.
* ClamOnAcc: Fixed an infinite loop when a file has been deleted
before a scan.
- New version: 1.2.0:
* Added support for extracting Universal Disk Format (UDF)
partitions.
* Added an option to customize the size of ClamAV's clean file
cache.
* Raised the MaxScanSize limit so the total amount of data
scanned when scanning a file or archive may exceed 4 gigabytes.
* Added ability for Freshclam to use a client certificate PEM
file and a private key PEM file for authentication to a private
mirror.
* Fix an issue extracting files from ISO9660 partitions where the
files are listed in the plain ISO tree and there also exists an
empty Joliet tree.
* PID and socket are now located under /run/clamav/clamd.pid and
/run/clamav/clamd.sock .
* bsc#1211594: Fixed an issue where ClamAV does not abort the
signature load process after partially loading an invalid
signature.
- New version 1.1.0:
* https://blog.clamav.net/2023/05/clamav-110-released.html
* Added the ability to extract images embedded in HTML CSS
<style> blocks.
* Updated to Sigtool so that the '--vba' option will extract VBA
code from Microsoft Office documents the same way that
libclamav extracts VBA.
* Added a new option --fail-if-cvd-older-than=days to clamscan
and clamd, and FailIfCvdOlderThan to clamd.conf
* Added a new function 'cl_cvdgetage()' to the libclamav API.
* Added a new function 'cl_engine_set_clcb_vba()' to the
libclamav API.
- bsc#1180296: Integrate clamonacc as a service.
- New version 1.0.1 LTS (including changes in 0.104 and 0.105):
* As of ClamAV 0.104, CMake is required to build ClamAV.
* As of ClamAV 0.105, Rust is now required to compile ClamAV.
* Increased the default limits for file and scan size:
* MaxScanSize: 100M to 400M
* MaxFileSize: 25M to 100M
* StreamMaxLength: 25M to 100M
* PCREMaxFileSize: 25M to 100M
* MaxEmbeddedPE: 10M to 40M
* MaxHTMLNormalize: 10M to 40M
* MaxScriptNormalize: 5M to 20M
* MaxHTMLNoTags: 2M to 8M
* Added image fuzzy hash subsignatures for logical signatures.
* Support for decrypting read-only OLE2-based XLS files that are
encrypted with the default password.
* Overhauled the implementation of the all-match feature.
* Added a new callback to the public API for inspecting file
content during a scan at each layer of archive extraction.
* Added a new function to the public API for unpacking CVD
signature archives.
* The option to build with an external TomsFastMath library has
been removed. ClamAV requires non-default build options for
TomsFastMath to support bigger floating point numbers.
* For a full list of changes see the release announcements:
* https://blog.clamav.net/2022/11/clamav-100-lts-released.html
* https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
* https://blog.clamav.net/2021/09/clamav-01040-released.html
- Build clamd with systemd support.
* CVE-2023-20197: Fixed a possible denial of service vulnerability in
the HFS+ file parser. (bsc#1214342)
* CVE-2018-14679: Fixed that an issue was discovered in mspack/chmd.c
in libmspack before 0.7alpha. There isan off-by-one error in the CHM
PMGI/PMGL chunk number validity checks, which could lead to denial of
service (uninitialized da (bsc#1103032)
- Package huge .html documentation in a separate subpackage.
- Update to 0.103.7 (bsc#1202986)
- Zip parser: tolerate 2-byte overlap in file entries
- Fix bug with logical signature Intermediates feature
- Update to UnRAR v6.1.7
- Patch UnRAR: allow skipping files in solid archives
- Patch UnRAR: limit dict winsize to 1GB
- Use a split-provides for clamav-milter instead of recommending it.
- Package clamav-milter in a subpackage
- Remove virus signatures upon uninstall
- Check for database existence before starting clamd
- Restart clamd when it exits
- Don't daemonize freshclam, but use a systemd timer instead to
trigger updates
Patchnames
SUSE-2025-328,SUSE-SLE-SERVER-12-SP5-LTSS-2025-328,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-328
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for clamav",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for clamav fixes the following issues:\n\nNew version 1.4.2:\n\n * CVE-2025-20128, bsc#1236307: Fixed a possible buffer overflow\n read bug in the OLE2 file parser that could cause a\n denial-of-service (DoS) condition. \n\n- Start clamonacc with --fdpass to avoid errors due to\n clamd not being able to access user files. (bsc#1232242)\n\n- New version 1.4.1:\n\n * https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html\n\n- New version 1.4.0:\n\n * Added support for extracting ALZ archives.\n * Added support for extracting LHA/LZH archives.\n * Added the ability to disable image fuzzy hashing, if needed.\n For context, image fuzzy hashing is a detection mechanism\n useful for identifying malware by matching images included with\n the malware or phishing email/document.\n * https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html\n\n- New version 1.3.2:\n\n * CVE-2024-20506: Changed the logging module to disable following\n symlinks on Linux and Unix systems so as to prevent an attacker\n with existing access to the \u0027clamd\u0027 or \u0027freshclam\u0027 services from\n using a symlink to corrupt system files.\n * CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF\n file parser that could cause a denial-of-service condition.\n * Removed unused Python modules from freshclam tests including\n deprecated \u0027cgi\u0027 module that is expected to cause test failures in\n Python 3.13.\n * Fix unit test caused by expiring signing certificate.\n * Fixed a build issue on Windows with newer versions of Rust. Also\n upgraded GitHub Actions imports to fix CI failures.\n * Fixed an unaligned pointer dereference issue on select architectures.\n * Fixes to Jenkins CI pipeline.\n \n\n- New Version: 1.3.1:\n\n * CVE-2024-20380: Fixed a possible crash in the HTML file parser\n that could cause a denial-of-service (DoS) condition.\n * Updated select Rust dependencies to the latest versions.\n * Fixed a bug causing some text to be truncated when converting\n from UTF-16.\n * Fixed assorted complaints identified by Coverity static\n analysis.\n * Fixed a bug causing CVDs downloaded by the DatabaseCustomURL\n * Added the new \u0027valhalla\u0027 database name to the list of optional\n databases in preparation for future work.\n\n- New version: 1.3.0:\n\n * Added support for extracting and scanning attachments found in\n Microsoft OneNote section files. OneNote parsing will be\n enabled by default, but may be optionally disabled.\n * Added file type recognition for compiled Python (\u0027.pyc\u0027) files.\n * Improved support for decrypting PDFs with empty passwords.\n * Fixed a warning when scanning some HTML files.\n * ClamOnAcc: Fixed an infinite loop when a watched directory\n does not exist.\n * ClamOnAcc: Fixed an infinite loop when a file has been deleted\n before a scan.\n\n- New version: 1.2.0:\n\n * Added support for extracting Universal Disk Format (UDF)\n partitions.\n * Added an option to customize the size of ClamAV\u0027s clean file\n cache.\n * Raised the MaxScanSize limit so the total amount of data\n scanned when scanning a file or archive may exceed 4 gigabytes.\n * Added ability for Freshclam to use a client certificate PEM\n file and a private key PEM file for authentication to a private\n mirror.\n * Fix an issue extracting files from ISO9660 partitions where the\n files are listed in the plain ISO tree and there also exists an\n empty Joliet tree.\n * PID and socket are now located under /run/clamav/clamd.pid and\n /run/clamav/clamd.sock .\n * bsc#1211594: Fixed an issue where ClamAV does not abort the\n signature load process after partially loading an invalid\n signature.\n\n- New version 1.1.0:\n\n * https://blog.clamav.net/2023/05/clamav-110-released.html\n * Added the ability to extract images embedded in HTML CSS\n \u003cstyle\u003e blocks.\n * Updated to Sigtool so that the \u0027--vba\u0027 option will extract VBA\n code from Microsoft Office documents the same way that\n libclamav extracts VBA.\n * Added a new option --fail-if-cvd-older-than=days to clamscan\n and clamd, and FailIfCvdOlderThan to clamd.conf\n * Added a new function \u0027cl_cvdgetage()\u0027 to the libclamav API.\n * Added a new function \u0027cl_engine_set_clcb_vba()\u0027 to the\n libclamav API.\n- bsc#1180296: Integrate clamonacc as a service.\n- New version 1.0.1 LTS (including changes in 0.104 and 0.105):\n * As of ClamAV 0.104, CMake is required to build ClamAV.\n * As of ClamAV 0.105, Rust is now required to compile ClamAV.\n * Increased the default limits for file and scan size:\n * MaxScanSize: 100M to 400M\n * MaxFileSize: 25M to 100M\n * StreamMaxLength: 25M to 100M\n * PCREMaxFileSize: 25M to 100M\n * MaxEmbeddedPE: 10M to 40M\n * MaxHTMLNormalize: 10M to 40M\n * MaxScriptNormalize: 5M to 20M\n * MaxHTMLNoTags: 2M to 8M\n * Added image fuzzy hash subsignatures for logical signatures.\n * Support for decrypting read-only OLE2-based XLS files that are\n encrypted with the default password.\n * Overhauled the implementation of the all-match feature.\n * Added a new callback to the public API for inspecting file\n content during a scan at each layer of archive extraction.\n * Added a new function to the public API for unpacking CVD\n signature archives.\n * The option to build with an external TomsFastMath library has\n been removed. ClamAV requires non-default build options for\n TomsFastMath to support bigger floating point numbers.\n * For a full list of changes see the release announcements:\n * https://blog.clamav.net/2022/11/clamav-100-lts-released.html\n * https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html\n * https://blog.clamav.net/2021/09/clamav-01040-released.html\n- Build clamd with systemd support.\n\n* CVE-2023-20197: Fixed a possible denial of service vulnerability in\n the HFS+ file parser. (bsc#1214342)\n* CVE-2018-14679: Fixed that an issue was discovered in mspack/chmd.c\n in libmspack before 0.7alpha. There isan off-by-one error in the CHM\n PMGI/PMGL chunk number validity checks, which could lead to denial of\n service (uninitialized da (bsc#1103032)\n \n- Package huge .html documentation in a separate subpackage.\n\n- Update to 0.103.7 (bsc#1202986)\n\n - Zip parser: tolerate 2-byte overlap in file entries\n - Fix bug with logical signature Intermediates feature\n - Update to UnRAR v6.1.7\n - Patch UnRAR: allow skipping files in solid archives\n - Patch UnRAR: limit dict winsize to 1GB\n\n- Use a split-provides for clamav-milter instead of recommending it.\n- Package clamav-milter in a subpackage\n- Remove virus signatures upon uninstall\n- Check for database existence before starting clamd\n- Restart clamd when it exits\n- Don\u0027t daemonize freshclam, but use a systemd timer instead to\n trigger updates\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-328,SUSE-SLE-SERVER-12-SP5-LTSS-2025-328,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-328",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0328-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0328-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250328-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0328-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020256.html"
},
{
"category": "self",
"summary": "SUSE Bug 1102840",
"url": "https://bugzilla.suse.com/1102840"
},
{
"category": "self",
"summary": "SUSE Bug 1103032",
"url": "https://bugzilla.suse.com/1103032"
},
{
"category": "self",
"summary": "SUSE Bug 1180296",
"url": "https://bugzilla.suse.com/1180296"
},
{
"category": "self",
"summary": "SUSE Bug 1202986",
"url": "https://bugzilla.suse.com/1202986"
},
{
"category": "self",
"summary": "SUSE Bug 1211594",
"url": "https://bugzilla.suse.com/1211594"
},
{
"category": "self",
"summary": "SUSE Bug 1214342",
"url": "https://bugzilla.suse.com/1214342"
},
{
"category": "self",
"summary": "SUSE Bug 1232242",
"url": "https://bugzilla.suse.com/1232242"
},
{
"category": "self",
"summary": "SUSE Bug 1236307",
"url": "https://bugzilla.suse.com/1236307"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14679 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20197 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20380 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20380/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20505 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20506 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-20128 page",
"url": "https://www.suse.com/security/cve/CVE-2025-20128/"
}
],
"title": "Security update for clamav",
"tracking": {
"current_release_date": "2025-02-03T09:39:50Z",
"generator": {
"date": "2025-02-03T09:39:50Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0328-1",
"initial_release_date": "2025-02-03T09:39:50Z",
"revision_history": [
{
"date": "2025-02-03T09:39:50Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "clamav-1.4.2-3.36.1.aarch64",
"product": {
"name": "clamav-1.4.2-3.36.1.aarch64",
"product_id": "clamav-1.4.2-3.36.1.aarch64"
}
},
{
"category": "product_version",
"name": "clamav-devel-1.4.2-3.36.1.aarch64",
"product": {
"name": "clamav-devel-1.4.2-3.36.1.aarch64",
"product_id": "clamav-devel-1.4.2-3.36.1.aarch64"
}
},
{
"category": "product_version",
"name": "clamav-milter-1.4.2-3.36.1.aarch64",
"product": {
"name": "clamav-milter-1.4.2-3.36.1.aarch64",
"product_id": "clamav-milter-1.4.2-3.36.1.aarch64"
}
},
{
"category": "product_version",
"name": "libclamav12-1.4.2-3.36.1.aarch64",
"product": {
"name": "libclamav12-1.4.2-3.36.1.aarch64",
"product_id": "libclamav12-1.4.2-3.36.1.aarch64"
}
},
{
"category": "product_version",
"name": "libclammspack0-1.4.2-3.36.1.aarch64",
"product": {
"name": "libclammspack0-1.4.2-3.36.1.aarch64",
"product_id": "libclammspack0-1.4.2-3.36.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfreshclam3-1.4.2-3.36.1.aarch64",
"product": {
"name": "libfreshclam3-1.4.2-3.36.1.aarch64",
"product_id": "libfreshclam3-1.4.2-3.36.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "clamav-1.4.2-3.36.1.i586",
"product": {
"name": "clamav-1.4.2-3.36.1.i586",
"product_id": "clamav-1.4.2-3.36.1.i586"
}
},
{
"category": "product_version",
"name": "clamav-devel-1.4.2-3.36.1.i586",
"product": {
"name": "clamav-devel-1.4.2-3.36.1.i586",
"product_id": "clamav-devel-1.4.2-3.36.1.i586"
}
},
{
"category": "product_version",
"name": "clamav-milter-1.4.2-3.36.1.i586",
"product": {
"name": "clamav-milter-1.4.2-3.36.1.i586",
"product_id": "clamav-milter-1.4.2-3.36.1.i586"
}
},
{
"category": "product_version",
"name": "libclamav12-1.4.2-3.36.1.i586",
"product": {
"name": "libclamav12-1.4.2-3.36.1.i586",
"product_id": "libclamav12-1.4.2-3.36.1.i586"
}
},
{
"category": "product_version",
"name": "libclammspack0-1.4.2-3.36.1.i586",
"product": {
"name": "libclammspack0-1.4.2-3.36.1.i586",
"product_id": "libclammspack0-1.4.2-3.36.1.i586"
}
},
{
"category": "product_version",
"name": "libfreshclam3-1.4.2-3.36.1.i586",
"product": {
"name": "libfreshclam3-1.4.2-3.36.1.i586",
"product_id": "libfreshclam3-1.4.2-3.36.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "clamav-docs-html-1.4.2-3.36.1.noarch",
"product": {
"name": "clamav-docs-html-1.4.2-3.36.1.noarch",
"product_id": "clamav-docs-html-1.4.2-3.36.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "clamav-1.4.2-3.36.1.ppc64le",
"product": {
"name": "clamav-1.4.2-3.36.1.ppc64le",
"product_id": "clamav-1.4.2-3.36.1.ppc64le"
}
},
{
"category": "product_version",
"name": "clamav-devel-1.4.2-3.36.1.ppc64le",
"product": {
"name": "clamav-devel-1.4.2-3.36.1.ppc64le",
"product_id": "clamav-devel-1.4.2-3.36.1.ppc64le"
}
},
{
"category": "product_version",
"name": "clamav-milter-1.4.2-3.36.1.ppc64le",
"product": {
"name": "clamav-milter-1.4.2-3.36.1.ppc64le",
"product_id": "clamav-milter-1.4.2-3.36.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libclamav12-1.4.2-3.36.1.ppc64le",
"product": {
"name": "libclamav12-1.4.2-3.36.1.ppc64le",
"product_id": "libclamav12-1.4.2-3.36.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libclammspack0-1.4.2-3.36.1.ppc64le",
"product": {
"name": "libclammspack0-1.4.2-3.36.1.ppc64le",
"product_id": "libclammspack0-1.4.2-3.36.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfreshclam3-1.4.2-3.36.1.ppc64le",
"product": {
"name": "libfreshclam3-1.4.2-3.36.1.ppc64le",
"product_id": "libfreshclam3-1.4.2-3.36.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "clamav-1.4.2-3.36.1.s390x",
"product": {
"name": "clamav-1.4.2-3.36.1.s390x",
"product_id": "clamav-1.4.2-3.36.1.s390x"
}
},
{
"category": "product_version",
"name": "clamav-devel-1.4.2-3.36.1.s390x",
"product": {
"name": "clamav-devel-1.4.2-3.36.1.s390x",
"product_id": "clamav-devel-1.4.2-3.36.1.s390x"
}
},
{
"category": "product_version",
"name": "clamav-milter-1.4.2-3.36.1.s390x",
"product": {
"name": "clamav-milter-1.4.2-3.36.1.s390x",
"product_id": "clamav-milter-1.4.2-3.36.1.s390x"
}
},
{
"category": "product_version",
"name": "libclamav12-1.4.2-3.36.1.s390x",
"product": {
"name": "libclamav12-1.4.2-3.36.1.s390x",
"product_id": "libclamav12-1.4.2-3.36.1.s390x"
}
},
{
"category": "product_version",
"name": "libclammspack0-1.4.2-3.36.1.s390x",
"product": {
"name": "libclammspack0-1.4.2-3.36.1.s390x",
"product_id": "libclammspack0-1.4.2-3.36.1.s390x"
}
},
{
"category": "product_version",
"name": "libfreshclam3-1.4.2-3.36.1.s390x",
"product": {
"name": "libfreshclam3-1.4.2-3.36.1.s390x",
"product_id": "libfreshclam3-1.4.2-3.36.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "clamav-1.4.2-3.36.1.x86_64",
"product": {
"name": "clamav-1.4.2-3.36.1.x86_64",
"product_id": "clamav-1.4.2-3.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "clamav-devel-1.4.2-3.36.1.x86_64",
"product": {
"name": "clamav-devel-1.4.2-3.36.1.x86_64",
"product_id": "clamav-devel-1.4.2-3.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "clamav-milter-1.4.2-3.36.1.x86_64",
"product": {
"name": "clamav-milter-1.4.2-3.36.1.x86_64",
"product_id": "clamav-milter-1.4.2-3.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "libclamav12-1.4.2-3.36.1.x86_64",
"product": {
"name": "libclamav12-1.4.2-3.36.1.x86_64",
"product_id": "libclamav12-1.4.2-3.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "libclammspack0-1.4.2-3.36.1.x86_64",
"product": {
"name": "libclammspack0-1.4.2-3.36.1.x86_64",
"product_id": "libclammspack0-1.4.2-3.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreshclam3-1.4.2-3.36.1.x86_64",
"product": {
"name": "libfreshclam3-1.4.2-3.36.1.x86_64",
"product_id": "libfreshclam3-1.4.2-3.36.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-1.4.2-3.36.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.aarch64"
},
"product_reference": "clamav-1.4.2-3.36.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-1.4.2-3.36.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.ppc64le"
},
"product_reference": "clamav-1.4.2-3.36.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-1.4.2-3.36.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.s390x"
},
"product_reference": "clamav-1.4.2-3.36.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-1.4.2-3.36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.x86_64"
},
"product_reference": "clamav-1.4.2-3.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-devel-1.4.2-3.36.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.aarch64"
},
"product_reference": "clamav-devel-1.4.2-3.36.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-devel-1.4.2-3.36.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.ppc64le"
},
"product_reference": "clamav-devel-1.4.2-3.36.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-devel-1.4.2-3.36.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.s390x"
},
"product_reference": "clamav-devel-1.4.2-3.36.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-devel-1.4.2-3.36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.x86_64"
},
"product_reference": "clamav-devel-1.4.2-3.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-docs-html-1.4.2-3.36.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-docs-html-1.4.2-3.36.1.noarch"
},
"product_reference": "clamav-docs-html-1.4.2-3.36.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-milter-1.4.2-3.36.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.aarch64"
},
"product_reference": "clamav-milter-1.4.2-3.36.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-milter-1.4.2-3.36.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.ppc64le"
},
"product_reference": "clamav-milter-1.4.2-3.36.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-milter-1.4.2-3.36.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.s390x"
},
"product_reference": "clamav-milter-1.4.2-3.36.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-milter-1.4.2-3.36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.x86_64"
},
"product_reference": "clamav-milter-1.4.2-3.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclamav12-1.4.2-3.36.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.aarch64"
},
"product_reference": "libclamav12-1.4.2-3.36.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclamav12-1.4.2-3.36.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.ppc64le"
},
"product_reference": "libclamav12-1.4.2-3.36.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclamav12-1.4.2-3.36.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.s390x"
},
"product_reference": "libclamav12-1.4.2-3.36.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclamav12-1.4.2-3.36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.x86_64"
},
"product_reference": "libclamav12-1.4.2-3.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclammspack0-1.4.2-3.36.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.aarch64"
},
"product_reference": "libclammspack0-1.4.2-3.36.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclammspack0-1.4.2-3.36.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.ppc64le"
},
"product_reference": "libclammspack0-1.4.2-3.36.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclammspack0-1.4.2-3.36.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.s390x"
},
"product_reference": "libclammspack0-1.4.2-3.36.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclammspack0-1.4.2-3.36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.x86_64"
},
"product_reference": "libclammspack0-1.4.2-3.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreshclam3-1.4.2-3.36.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.aarch64"
},
"product_reference": "libfreshclam3-1.4.2-3.36.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreshclam3-1.4.2-3.36.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.ppc64le"
},
"product_reference": "libfreshclam3-1.4.2-3.36.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreshclam3-1.4.2-3.36.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.s390x"
},
"product_reference": "libfreshclam3-1.4.2-3.36.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreshclam3-1.4.2-3.36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.x86_64"
},
"product_reference": "libfreshclam3-1.4.2-3.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-1.4.2-3.36.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-1.4.2-3.36.1.x86_64"
},
"product_reference": "clamav-1.4.2-3.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-devel-1.4.2-3.36.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-devel-1.4.2-3.36.1.x86_64"
},
"product_reference": "clamav-devel-1.4.2-3.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-docs-html-1.4.2-3.36.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-docs-html-1.4.2-3.36.1.noarch"
},
"product_reference": "clamav-docs-html-1.4.2-3.36.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "clamav-milter-1.4.2-3.36.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-milter-1.4.2-3.36.1.x86_64"
},
"product_reference": "clamav-milter-1.4.2-3.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclamav12-1.4.2-3.36.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclamav12-1.4.2-3.36.1.x86_64"
},
"product_reference": "libclamav12-1.4.2-3.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libclammspack0-1.4.2-3.36.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclammspack0-1.4.2-3.36.1.x86_64"
},
"product_reference": "libclammspack0-1.4.2-3.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreshclam3-1.4.2-3.36.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreshclam3-1.4.2-3.36.1.x86_64"
},
"product_reference": "libfreshclam3-1.4.2-3.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-14679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14679"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreshclam3-1.4.2-3.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14679",
"url": "https://www.suse.com/security/cve/CVE-2018-14679"
},
{
"category": "external",
"summary": "SUSE Bug 1102922 for CVE-2018-14679",
"url": "https://bugzilla.suse.com/1102922"
},
{
"category": "external",
"summary": "SUSE Bug 1103032 for CVE-2018-14679",
"url": "https://bugzilla.suse.com/1103032"
},
{
"category": "external",
"summary": "SUSE Bug 1103040 for CVE-2018-14679",
"url": "https://bugzilla.suse.com/1103040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreshclam3-1.4.2-3.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreshclam3-1.4.2-3.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T09:39:50Z",
"details": "low"
}
],
"title": "CVE-2018-14679"
},
{
"cve": "CVE-2023-20197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20197"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources.\r\n\r For a description of this vulnerability, see the ClamAV blog .",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreshclam3-1.4.2-3.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20197",
"url": "https://www.suse.com/security/cve/CVE-2023-20197"
},
{
"category": "external",
"summary": "SUSE Bug 1214342 for CVE-2023-20197",
"url": "https://bugzilla.suse.com/1214342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreshclam3-1.4.2-3.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreshclam3-1.4.2-3.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T09:39:50Z",
"details": "important"
}
],
"title": "CVE-2023-20197"
},
{
"cve": "CVE-2024-20380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20380"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\nThe vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreshclam3-1.4.2-3.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20380",
"url": "https://www.suse.com/security/cve/CVE-2024-20380"
},
{
"category": "external",
"summary": "SUSE Bug 1223132 for CVE-2024-20380",
"url": "https://bugzilla.suse.com/1223132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreshclam3-1.4.2-3.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreshclam3-1.4.2-3.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T09:39:50Z",
"details": "important"
}
],
"title": "CVE-2024-20380"
},
{
"cve": "CVE-2024-20505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20505"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThe vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreshclam3-1.4.2-3.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20505",
"url": "https://www.suse.com/security/cve/CVE-2024-20505"
},
{
"category": "external",
"summary": "SUSE Bug 1230161 for CVE-2024-20505",
"url": "https://bugzilla.suse.com/1230161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreshclam3-1.4.2-3.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreshclam3-1.4.2-3.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T09:39:50Z",
"details": "important"
}
],
"title": "CVE-2024-20505"
},
{
"cve": "CVE-2024-20506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20506"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.\r\n\r\nThe vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreshclam3-1.4.2-3.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20506",
"url": "https://www.suse.com/security/cve/CVE-2024-20506"
},
{
"category": "external",
"summary": "SUSE Bug 1230162 for CVE-2024-20506",
"url": "https://bugzilla.suse.com/1230162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreshclam3-1.4.2-3.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreshclam3-1.4.2-3.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T09:39:50Z",
"details": "moderate"
}
],
"title": "CVE-2024-20506"
},
{
"cve": "CVE-2025-20128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-20128"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the .\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreshclam3-1.4.2-3.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-20128",
"url": "https://www.suse.com/security/cve/CVE-2025-20128"
},
{
"category": "external",
"summary": "SUSE Bug 1236307 for CVE-2025-20128",
"url": "https://bugzilla.suse.com/1236307"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreshclam3-1.4.2-3.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libfreshclam3-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-devel-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-docs-html-1.4.2-3.36.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:clamav-milter-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclamav12-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libclammspack0-1.4.2-3.36.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libfreshclam3-1.4.2-3.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T09:39:50Z",
"details": "moderate"
}
],
"title": "CVE-2025-20128"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…