- Update to version 0.100.0 (bsc#1089502):
* Add interfaces to the Prelude SIEM open source package for
collecting ClamAV virus events.
* Support libmspack internal code or as a shared object
library. The internal library is the default and includes
modifications to enable parsing of CAB files that do not
entirely adhere to the CAB file format.
* Link with OpenSSL 1.1.0.
* Deprecate of the AllowSupplementaryGroups parameter
statement in clamd, clamav-milter, and freshclam.
Use of supplementary is now in effect by default.
* Deprecate internal LLVM code support.
* Compute and check PE import table hash (a.k.a. "imphash")
signatures.
* Support file property collection and analysis for MHTML files.
* Raw scanning of PostScript files.
* Fix clamsubmit to use the new virus and false positive
submission web interface.
* Optionally, flag files with the virus
"Heuristic.Limits.Exceeded" when size limitations are exceeded.
* Improved decoders for PDF files.
* Reduced number of compile time warnings.
* Improved support for C++11.
* Improved detection of system installed libraries.
* Fixes to ClamAV's Container system and the introduction of
Intermediates for more descriptive signatures.
* Improvements to clamd's On-Access scanning capabilities
for Linux.
* Obsoletes clamav-fix_newer_zlib.patch
- Update key ring and add signature file.
OBS-URL: https://build.opensuse.org/request/show/601641
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=94
the versions we have are too new and the performance gain over
the byte code interpreter are negligable, according to upstream.
- Put libclammspack0 into its own subpackage to follow the letter
of the shlib packaging policy, even though it really makes no
sense here.
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=166
collecting ClamAV virus events.
* Support libmspack internal code or as a shared object
library. The internal library is the default and includes
modifications to enable parsing of CAB files that do not
entirely adhere to the CAB file format.
* Link with OpenSSL 1.1.0.
* Deprecate of the AllowSupplementaryGroups parameter
statement in clamd, clamav-milter, and freshclam.
Use of supplementary is now in effect by default.
* Deprecate internal LLVM code support.
* Compute and check PE import table hash (a.k.a. "imphash")
signatures.
* Support file property collection and analysis for MHTML files.
* Raw scanning of PostScript files.
* Fix clamsubmit to use the new virus and false positive
submission web interface.
* Optionally, flag files with the virus
"Heuristic.Limits.Exceeded" when size limitations are exceeded.
* Improved decoders for PDF files.
* Reduced number of compile time warnings.
* Improved support for C++11.
* Improved detection of system installed libraries.
* Fixes to ClamAV's Container system and the introduction of
Intermediates for more descriptive signatures.
* Improvements to clamd's On-Access scanning capabilities
for Linux.
- Use system-wide LLVM instead of the deprecated bundled one.
- Move pkgconfig stuff the main to the devel package.
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=162
* FIXME: Add upstream changes here before submitting to Factory.
* Obsoletes clamav-fix_newer_zlib.patch
- Update key ring and add signature file.
- Remove the logic around building the embedded llvm as the
system-wide llvm is now auto-detected and used.
- Move pc files from the main to the devel package.
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=161
- Update to security release 0.99.3 (bsc#1077732)
* CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability)
* CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability)
* CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability)
- these vulnerabilities could have allowed an unauthenticated,
remote attacker to cause a denial of service (DoS) condition
or potentially execute arbitrary code on an affected device.
* CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)
* CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)
* CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)
* CVE-2017-12380 (ClamAV Null Dereference Vulnerability)
- these vulnerabilities could have allowed an unauthenticated,
remote attacker to cause a denial of service (DoS) condition on an affected device.
* CVE-2017-6420 (bsc#1052448)
- this vulnerability allowed remote attackers to cause a denial of service
(use-after-free) via a crafted PE file with WWPack compression.
* CVE-2017-6419 (bsc#1052449)
- ClamAV allowed remote attackers to cause a denial of service
(heap-based buffer overflow and application crash) or possibly
have unspecified other impact via a crafted CHM file.
* CVE-2017-11423 (bsc#1049423)
- The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha
allowed remote attackers to cause a denial of service
(stack-based buffer over-read and application crash) via a crafted CAB file.
* CVE-2017-6418 (bsc#1052466)
- ClamAV 0.99.2 allowed remote attackers to cause a denial
of service (out-of-bounds read) via a crafted e-mail message.
- drop clamav-0.99.2-openssl-1.1.patch (upstream) (forwarded request 569976 from vitezslav_cizek)
OBS-URL: https://build.opensuse.org/request/show/569980
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=90
- Update to security release 0.99.3 (bsc#1077732)
* CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability)
* CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability)
* CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability)
- these vulnerabilities could have allowed an unauthenticated,
remote attacker to cause a denial of service (DoS) condition
or potentially execute arbitrary code on an affected device.
* CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)
* CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)
* CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)
* CVE-2017-12380 (ClamAV Null Dereference Vulnerability)
- these vulnerabilities could have allowed an unauthenticated,
remote attacker to cause a denial of service (DoS) condition on an affected device.
* CVE-2017-6420 (bsc#1052448)
- this vulnerability allowed remote attackers to cause a denial of service
(use-after-free) via a crafted PE file with WWPack compression.
* CVE-2017-6419 (bsc#1052449)
- ClamAV allowed remote attackers to cause a denial of service
(heap-based buffer overflow and application crash) or possibly
have unspecified other impact via a crafted CHM file.
* CVE-2017-11423 (bsc#1049423)
- The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha
allowed remote attackers to cause a denial of service
(stack-based buffer over-read and application crash) via a crafted CAB file.
* CVE-2017-6418 (bsc#1052466)
- ClamAV 0.99.2 allowed remote attackers to cause a denial
of service (out-of-bounds read) via a crafted e-mail message.
- drop clamav-0.99.2-openssl-1.1.patch (upstream)
OBS-URL: https://build.opensuse.org/request/show/569976
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=151
- Update to version 0.99.2 (bsc#978459)
* 7z: fix for FolderStartPackStreamIndex array index heck
* print all CDBNAME entries for a zip file when using the -z
flag.
* try to minimize the err cleanup path
* clamunrar: notice if unpacking comment failed
* signature manual update.
* use temp var for realloc to prevent pointer loss.
* fix debug VI hex truncation
* freshclam: avoid random data in mirrors.dat.
* libclamav: print raw certificate metadata
* freshclam manager check return code of strdup.
* additional suppress IP notification when using proxy
* fix download and verification of *.cld through PrivateMirrors
* suppress IP notification when using proxy
* remove redundant mempool assignment
* divide out dumpcerts output for better readability
* fix dconf and option handling for nocert and dumpcert
* patch by Jim Morris to increase clamd's soft file descriptor to
its potential maximum on 64-bit systems
* Move libfreshclam config to m4/reorganization.
* adding libfreshclam
* Add 'cdb' datafile to sigtools list of datafile types.
* NULL pointer check.
* malloc() NULL pointer check.
* clamscan 'block-macros' option.
* initialize cpio name buffer
* initialize mspack decompression buffers
* prevent memory allocations on used pointers (folder objects)
* prevent memory allocations on used pointers (boolvectors)
OBS-URL: https://build.opensuse.org/request/show/404154
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=83
- Version 0.98.7 fixes several security issues (bsc#929192) and
other bug fixes/improvements:
* Fix crash in upx decoder with crafted file. Discovered and
patch supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
* Fix infinite loop condition on crafted y0da cryptor
file. Identified and patch suggested by Sebastian Andrzej
Siewior. CVE-2015-2221.
* Fix crash on crafted petite packed file. Reported and patch
supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
* Fix an infinite loop condition on a crafted "xz" archive file.
This was reported by Dimitri Kirchner and Goulven Guiheux.
CVE-2015-2668.
* Apply upstream patch for possible heap overflow in Henry
Spencer's regex library. CVE-2015-2305.
* Fix false negatives on files within iso9660 containers. This
issue was reported by Minzhuan Gong.
* Fix a couple crashes on crafted upack packed file. Identified
and patches supplied by Sebastian Andrzej Siewior.
* Fix a crash during algorithmic detection on crafted PE file.
Identified and patch supplied by Sebastian Andrzej Siewior.
* Fix compilation error after ./configure --disable-pthreads.
Reported and fix suggested by John E. Krokes.
* Fix segfault scanning certain HTML files. Reported with sample
by Kai Risku.
* Improve detections within xar/pkg files.
* Improvements to PDF processing: decryption, escape sequence
handling, and file property collection.
* Scanning/analysis of additional Microsoft Office 2003 XML
format.
OBS-URL: https://build.opensuse.org/request/show/305579
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=76
