SUSE-RU-2016:1477-1: moderate: Recommended update for clamav

sle-updates at lists.suse.com sle-updates at lists.suse.com
Thu Jun 2 07:08:56 MDT 2016 

   SUSE Recommended Update: Recommended update for clamav
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:1477-1
Rating:             moderate
References:         #978459 
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12-SP1
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:


   ClamAV was updated to version 0.99.2, which brings fixes and enhancements:

   - Fix 7z's FolderStartPackStreamIndex array index check.
   - Print all CDBNAME entries for a zip file when using the -z flag.
   - clamunrar: Notice if unpacking comment failed.
   - Use temporary variable for realloc to prevent pointer loss.
   - freshclam: Avoid random data in mirrors.dat.
   - libclamav: Print raw certificate metadata.
   - Fix download and verification of *.cld through PrivateMirrors.
   - Suppress IP notification when using proxy.
   - Remove redundant mempool assignment.
   - Divide out dumpcerts output for better readability.
   - Fix dconf and option handling for nocert and dumpcert.
   - Increase clamd's soft file descriptor to its potential maximum on 64-bit
     systems.
   - Move libfreshclam config to m4/reorganization.
   - Add 'cdb' datafile to sigtools list of datafile types.
   - Prevent memory allocations on used pointers.
   - Check packSizes prior to dereference
   - Fix inconsistent folder state on failure.
   - Add sanity checks to 7z header parsing.

   For a comprehensive list of fixes please refer to the package's change log.


Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-877=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2016-877=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-877=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-877=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      clamav-0.99.2-25.1
      clamav-debuginfo-0.99.2-25.1
      clamav-debugsource-0.99.2-25.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      clamav-0.99.2-25.1
      clamav-debuginfo-0.99.2-25.1
      clamav-debugsource-0.99.2-25.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      clamav-0.99.2-25.1
      clamav-debuginfo-0.99.2-25.1
      clamav-debugsource-0.99.2-25.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      clamav-0.99.2-25.1
      clamav-debuginfo-0.99.2-25.1
      clamav-debugsource-0.99.2-25.1


References:

   https://bugzilla.suse.com/978459

More information about the sle-updates mailing list