Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
aports
aports
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 676
    • Issues 676
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 204
    • Merge Requests 204
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • alpine
  • aportsaports
  • Issues
  • #9687

Closed
Open
Opened Nov 26, 2018 by Alicha CH@alichaReporter

[3.7] clamav: Multiple vulnerabilities (CVE-2018-15378, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)

Fixes for the following ClamAV vulnerabilities:

CVE-2018-15378: Vulnerability in ClamAV’s MEW unpacking feature that could allow an unauthenticated,
remote attacker to cause a denial of service (DoS) condition on an affected device.

Fixes for the following vulnerabilities in bundled third-party libraries:

CVE-2018-14680: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
CVE-2018-14681: An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
CVE-2018-14682: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

Fixed In Version:

clamav 0.100.2

References:

https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.100/NEWS.md\#01002
http://lists.clamav.net/pipermail/clamav-announce/2018/000033.html

(from redmine: issue id 9687, created on 2018-11-26, closed on 2018-11-28)

  • Relations:
    • parent #9684 (closed)
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
3.7.2
Milestone
3.7.2
Assign milestone
Time tracking
None
Due date
None
Reference: alpine/aports#9687