SUSE-RU-2016:1422-1: moderate: Recommended update for clamav

sle-updates at lists.suse.com sle-updates at lists.suse.com
Fri May 27 07:15:28 MDT 2016 

   SUSE Recommended Update: Recommended update for clamav
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:1422-1
Rating:             moderate
References:         #978459 
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:


   ClamAV was updated to version 0.99.2, which brings fixes and enhancements:

   - Fix 7z's FolderStartPackStreamIndex array index check.
   - Print all CDBNAME entries for a zip file when using the -z flag.
   - clamunrar: Notice if unpacking comment failed.
   - Use temporary variable for realloc to prevent pointer loss.
   - freshclam: Avoid random data in mirrors.dat.
   - libclamav: Print raw certificate metadata.
   - Fix download and verification of *.cld through PrivateMirrors.
   - Suppress IP notification when using proxy.
   - Remove redundant mempool assignment.
   - Divide out dumpcerts output for better readability.
   - Fix dconf and option handling for nocert and dumpcert.
   - Increase clamd's soft file descriptor to its potential maximum on 64-bit
     systems.
   - Move libfreshclam config to m4/reorganization.
   - Add 'cdb' datafile to sigtools list of datafile types.
   - Prevent memory allocations on used pointers.
   - Check packSizes prior to dereference
   - Fix inconsistent folder state on failure.
   - Add sanity checks to 7z header parsing.

   For a comprehensive list of fixes please refer to the package's change log.


Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-clamav-12580=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-clamav-12580=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      clamav-0.99.2-0.14.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      clamav-debuginfo-0.99.2-0.14.1
      clamav-debugsource-0.99.2-0.14.1


References:

   https://bugzilla.suse.com/978459

More information about the sle-updates mailing list