<div class="container">
<h1>Security update for clamav</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2025:0327-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2025-02-03T09:39:44Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1102840">bsc#1102840</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1103032">bsc#1103032</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1180296">bsc#1180296</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1202986">bsc#1202986</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211594">bsc#1211594</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214342">bsc#1214342</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1232242">bsc#1232242</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1236307">bsc#1236307</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-4596">jsc#PED-4596</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2018-14679.html">CVE-2018-14679</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-20197.html">CVE-2023-20197</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-20380.html">CVE-2024-20380</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-20505.html">CVE-2024-20505</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-20506.html">CVE-2024-20506</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-20128.html">CVE-2025-20128</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2018-14679</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.4</span>
<span class="cvss-vector">CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2018-14679</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-20197</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-20197</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-20380</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-20505</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.7</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-20505</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-20505</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">4.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-20505</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-20506</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.8</span>
<span class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-20506</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-20506</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.1</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-20506</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.1</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-20128</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.8</span>
<span class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-20128</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-20128</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-20128</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">Basesystem Module 15-SP6</li>
<li class="list-group-item">openSUSE Leap 15.6</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Real Time 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP6</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves six vulnerabilities, contains one feature and has two security fixes can now be installed.</p>
<h2>Description:</h2>
<p>This update for clamav fixes the following issues:</p>
<p>New version 1.4.2:</p>
<ul>
<li>
<p>CVE-2025-20128, bsc#1236307: Fixed a possible buffer overflow
read bug in the OLE2 file parser that could cause a
denial-of-service (DoS) condition. </p>
</li>
<li>
<p>Start clamonacc with --fdpass to avoid errors due to
clamd not being able to access user files. (bsc#1232242)</p>
</li>
<li>
<p>New version 1.4.1:</p>
</li>
<li>
<p>https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html</p>
</li>
<li>
<p>New version 1.4.0:</p>
</li>
<li>
<p>Added support for extracting ALZ archives.</p>
</li>
<li>Added support for extracting LHA/LZH archives.</li>
<li>Added the ability to disable image fuzzy hashing, if needed.
For context, image fuzzy hashing is a detection mechanism
useful for identifying malware by matching images included with
the malware or phishing email/document.</li>
<li>
<p>https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html</p>
</li>
<li>
<p>New version 1.3.2:</p>
</li>
<li>
<p>CVE-2024-20506: Changed the logging module to disable following
symlinks on Linux and Unix systems so as to prevent an attacker
with existing access to the 'clamd' or 'freshclam' services from
using a symlink to corrupt system files.</p>
</li>
<li>CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF
file parser that could cause a denial-of-service condition.</li>
<li>Removed unused Python modules from freshclam tests including
deprecated 'cgi' module that is expected to cause test failures in
Python 3.13.</li>
<li>Fix unit test caused by expiring signing certificate.</li>
<li>Fixed a build issue on Windows with newer versions of Rust. Also
upgraded GitHub Actions imports to fix CI failures.</li>
<li>Fixed an unaligned pointer dereference issue on select architectures.</li>
<li>
<p>Fixes to Jenkins CI pipeline.</p>
</li>
<li>
<p>New Version: 1.3.1:</p>
</li>
<li>
<p>CVE-2024-20380: Fixed a possible crash in the HTML file parser
that could cause a denial-of-service (DoS) condition.</p>
</li>
<li>Updated select Rust dependencies to the latest versions.</li>
<li>Fixed a bug causing some text to be truncated when converting
from UTF-16.</li>
<li>Fixed assorted complaints identified by Coverity static
analysis.</li>
<li>Fixed a bug causing CVDs downloaded by the DatabaseCustomURL</li>
<li>
<p>Added the new 'valhalla' database name to the list of optional
databases in preparation for future work.</p>
</li>
<li>
<p>New version: 1.3.0:</p>
</li>
<li>
<p>Added support for extracting and scanning attachments found in
Microsoft OneNote section files. OneNote parsing will be
enabled by default, but may be optionally disabled.</p>
</li>
<li>Added file type recognition for compiled Python ('.pyc') files.</li>
<li>Improved support for decrypting PDFs with empty passwords.</li>
<li>Fixed a warning when scanning some HTML files.</li>
<li>ClamOnAcc: Fixed an infinite loop when a watched directory
does not exist.</li>
<li>
<p>ClamOnAcc: Fixed an infinite loop when a file has been deleted
before a scan.</p>
</li>
<li>
<p>New version: 1.2.0:</p>
</li>
<li>
<p>Added support for extracting Universal Disk Format (UDF)
partitions.</p>
</li>
<li>Added an option to customize the size of ClamAV's clean file
cache.</li>
<li>Raised the MaxScanSize limit so the total amount of data
scanned when scanning a file or archive may exceed 4 gigabytes.</li>
<li>Added ability for Freshclam to use a client certificate PEM
file and a private key PEM file for authentication to a private
mirror.</li>
<li>Fix an issue extracting files from ISO9660 partitions where the
files are listed in the plain ISO tree and there also exists an
empty Joliet tree.</li>
<li>PID and socket are now located under /run/clamav/clamd.pid and
/run/clamav/clamd.sock .</li>
<li>
<p>bsc#1211594: Fixed an issue where ClamAV does not abort the
signature load process after partially loading an invalid
signature.</p>
</li>
<li>
<p>New version 1.1.0:</p>
</li>
<li>
<p>https://blog.clamav.net/2023/05/clamav-110-released.html</p>
</li>
<li>Added the ability to extract images embedded in HTML CSS
<style> blocks.</li>
<li>Updated to Sigtool so that the '--vba' option will extract VBA
code from Microsoft Office documents the same way that
libclamav extracts VBA.</li>
<li>Added a new option --fail-if-cvd-older-than=days to clamscan
and clamd, and FailIfCvdOlderThan to clamd.conf</li>
<li>Added a new function 'cl_cvdgetage()' to the libclamav API.</li>
<li>Added a new function 'cl_engine_set_clcb_vba()' to the
libclamav API.</li>
<li>bsc#1180296: Integrate clamonacc as a service.</li>
<li>New version 1.0.1 LTS (including changes in 0.104 and 0.105):</li>
<li>As of ClamAV 0.104, CMake is required to build ClamAV.</li>
<li>As of ClamAV 0.105, Rust is now required to compile ClamAV.</li>
<li>Increased the default limits for file and scan size:<ul>
<li>MaxScanSize: 100M to 400M</li>
<li>MaxFileSize: 25M to 100M</li>
<li>StreamMaxLength: 25M to 100M</li>
<li>PCREMaxFileSize: 25M to 100M</li>
<li>MaxEmbeddedPE: 10M to 40M</li>
<li>MaxHTMLNormalize: 10M to 40M</li>
<li>MaxScriptNormalize: 5M to 20M</li>
<li>MaxHTMLNoTags: 2M to 8M</li>
</ul>
</li>
<li>Added image fuzzy hash subsignatures for logical signatures.</li>
<li>Support for decrypting read-only OLE2-based XLS files that are
encrypted with the default password.</li>
<li>Overhauled the implementation of the all-match feature.</li>
<li>Added a new callback to the public API for inspecting file
content during a scan at each layer of archive extraction.</li>
<li>Added a new function to the public API for unpacking CVD
signature archives.</li>
<li>The option to build with an external TomsFastMath library has
been removed. ClamAV requires non-default build options for
TomsFastMath to support bigger floating point numbers.</li>
<li>For a full list of changes see the release announcements:<ul>
<li>https://blog.clamav.net/2022/11/clamav-100-lts-released.html</li>
<li>https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html</li>
<li>https://blog.clamav.net/2021/09/clamav-01040-released.html</li>
</ul>
</li>
<li>
<p>Build clamd with systemd support.</p>
</li>
<li>
<p>CVE-2023-20197: Fixed a possible denial of service vulnerability in
the HFS+ file parser. (bsc#1214342)</p>
</li>
<li>
<p>CVE-2018-14679: Fixed that an issue was discovered in mspack/chmd.c
in libmspack before 0.7alpha. There isan off-by-one error in the CHM
PMGI/PMGL chunk number validity checks, which could lead to denial of
service (uninitialized da (bsc#1103032)</p>
</li>
<li>
<p>Package huge .html documentation in a separate subpackage.</p>
</li>
<li>
<p>Update to 0.103.7 (bsc#1202986)</p>
</li>
<li>
<p>Zip parser: tolerate 2-byte overlap in file entries</p>
</li>
<li>Fix bug with logical signature Intermediates feature</li>
<li>Update to UnRAR v6.1.7</li>
<li>Patch UnRAR: allow skipping files in solid archives</li>
<li>
<p>Patch UnRAR: limit dict winsize to 1GB</p>
</li>
<li>
<p>Use a split-provides for clamav-milter instead of recommending it.</p>
</li>
<li>Package clamav-milter in a subpackage</li>
<li>Remove virus signatures upon uninstall</li>
<li>Check for database existence before starting clamd</li>
<li>Restart clamd when it exits</li>
<li>Don't daemonize freshclam, but use a systemd timer instead to
trigger updates</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
openSUSE Leap 15.6
<br/>
<code>zypper in -t patch SUSE-2025-327=1 openSUSE-SLE-15.6-2025-327=1</code>
</li>
<li class="list-group-item">
Basesystem Module 15-SP6
<br/>
<code>zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-327=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
<ul>
<li>clamav-1.4.2-150600.18.6.1</li>
<li>libfreshclam3-debuginfo-1.4.2-150600.18.6.1</li>
<li>libclamav12-1.4.2-150600.18.6.1</li>
<li>clamav-devel-1.4.2-150600.18.6.1</li>
<li>libclammspack0-debuginfo-1.4.2-150600.18.6.1</li>
<li>clamav-debuginfo-1.4.2-150600.18.6.1</li>
<li>libfreshclam3-1.4.2-150600.18.6.1</li>
<li>libclamav12-debuginfo-1.4.2-150600.18.6.1</li>
<li>clamav-debugsource-1.4.2-150600.18.6.1</li>
<li>libclammspack0-1.4.2-150600.18.6.1</li>
<li>clamav-milter-debuginfo-1.4.2-150600.18.6.1</li>
<li>clamav-milter-1.4.2-150600.18.6.1</li>
</ul>
</li>
<li>
openSUSE Leap 15.6 (noarch)
<ul>
<li>clamav-docs-html-1.4.2-150600.18.6.1</li>
</ul>
</li>
<li>
Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
<ul>
<li>clamav-1.4.2-150600.18.6.1</li>
<li>libfreshclam3-debuginfo-1.4.2-150600.18.6.1</li>
<li>libclamav12-1.4.2-150600.18.6.1</li>
<li>clamav-devel-1.4.2-150600.18.6.1</li>
<li>libclammspack0-debuginfo-1.4.2-150600.18.6.1</li>
<li>clamav-debuginfo-1.4.2-150600.18.6.1</li>
<li>libfreshclam3-1.4.2-150600.18.6.1</li>
<li>libclamav12-debuginfo-1.4.2-150600.18.6.1</li>
<li>clamav-debugsource-1.4.2-150600.18.6.1</li>
<li>libclammspack0-1.4.2-150600.18.6.1</li>
<li>clamav-milter-debuginfo-1.4.2-150600.18.6.1</li>
<li>clamav-milter-1.4.2-150600.18.6.1</li>
</ul>
</li>
<li>
Basesystem Module 15-SP6 (noarch)
<ul>
<li>clamav-docs-html-1.4.2-150600.18.6.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2018-14679.html">https://www.suse.com/security/cve/CVE-2018-14679.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-20197.html">https://www.suse.com/security/cve/CVE-2023-20197.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-20380.html">https://www.suse.com/security/cve/CVE-2024-20380.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-20505.html">https://www.suse.com/security/cve/CVE-2024-20505.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-20506.html">https://www.suse.com/security/cve/CVE-2024-20506.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-20128.html">https://www.suse.com/security/cve/CVE-2025-20128.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1102840">https://bugzilla.suse.com/show_bug.cgi?id=1102840</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1103032">https://bugzilla.suse.com/show_bug.cgi?id=1103032</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1180296">https://bugzilla.suse.com/show_bug.cgi?id=1180296</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1202986">https://bugzilla.suse.com/show_bug.cgi?id=1202986</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211594">https://bugzilla.suse.com/show_bug.cgi?id=1211594</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214342">https://bugzilla.suse.com/show_bug.cgi?id=1214342</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1232242">https://bugzilla.suse.com/show_bug.cgi?id=1232242</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1236307">https://bugzilla.suse.com/show_bug.cgi?id=1236307</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-4596">https://jira.suse.com/browse/PED-4596</a>
</li>
</ul>
</div>