Detections
Analytics

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : clamav (SUSE-SU-2025:0327-1)

medium Nessus Plugin ID 214899

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0327-1 advisory.

 New version 1.4.2:

 * CVE-2025-20128, bsc#1236307: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition.

 - Start clamonacc with --fdpass to avoid errors due to clamd not being able to access user files. (bsc#1232242)

 - New version 1.4.1:

 * https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html

 - New version 1.4.0:

 * Added support for extracting ALZ archives.
 * Added support for extracting LHA/LZH archives.
 * Added the ability to disable image fuzzy hashing, if needed.
 For context, image fuzzy hashing is a detection mechanism useful for identifying malware by matching images included with the malware or phishing email/document.
 * https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html

 - New version 1.3.2:

 * CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files.
 * CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service condition.
 * Removed unused Python modules from freshclam tests including deprecated 'cgi' module that is expected to cause test failures in Python 3.13.
 * Fix unit test caused by expiring signing certificate.
 * Fixed a build issue on Windows with newer versions of Rust. Also upgraded GitHub Actions imports to fix CI failures.
 * Fixed an unaligned pointer dereference issue on select architectures.
 * Fixes to Jenkins CI pipeline.


 - New Version: 1.3.1:

 * CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition.
 * Updated select Rust dependencies to the latest versions.
 * Fixed a bug causing some text to be truncated when converting from UTF-16.
 * Fixed assorted complaints identified by Coverity static analysis.
 * Fixed a bug causing CVDs downloaded by the DatabaseCustomURL
 * Added the new 'valhalla' database name to the list of optional databases in preparation for future work.

 - New version: 1.3.0:

 * Added support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default, but may be optionally disabled.
 * Added file type recognition for compiled Python ('.pyc') files.
 * Improved support for decrypting PDFs with empty passwords.
 * Fixed a warning when scanning some HTML files.
 * ClamOnAcc: Fixed an infinite loop when a watched directory does not exist.
 * ClamOnAcc: Fixed an infinite loop when a file has been deleted before a scan.

 - New version: 1.2.0:

 * Added support for extracting Universal Disk Format (UDF) partitions.
 * Added an option to customize the size of ClamAV's clean file cache.
 * Raised the MaxScanSize limit so the total amount of data scanned when scanning a file or archive may exceed 4 gigabytes.
 * Added ability for Freshclam to use a client certificate PEM file and a private key PEM file for authentication to a private mirror.
 * Fix an issue extracting files from ISO9660 partitions where the files are listed in the plain ISO tree and there also exists an empty Joliet tree.
 * PID and socket are now located under /run/clamav/clamd.pid and /run/clamav/clamd.sock .
 * bsc#1211594: Fixed an issue where ClamAV does not abort the signature load process after partially loading an invalid signature.

 - New version 1.1.0:

 * https://blog.clamav.net/2023/05/clamav-110-released.html
 * Added the ability to extract images embedded in HTML CSS <style> blocks.
 * Updated to Sigtool so that the '--vba' option will extract VBA code from Microsoft Office documents the same way that libclamav extracts VBA.
 * Added a new option --fail-if-cvd-older-than=days to clamscan and clamd, and FailIfCvdOlderThan to clamd.conf
 * Added a new function 'cl_cvdgetage()' to the libclamav API.
 * Added a new function 'cl_engine_set_clcb_vba()' to the libclamav API.
 - bsc#1180296: Integrate clamonacc as a service.
 - New version 1.0.1 LTS (including changes in 0.104 and 0.105):
 * As of ClamAV 0.104, CMake is required to build ClamAV.
 * As of ClamAV 0.105, Rust is now required to compile ClamAV.
 * Increased the default limits for file and scan size:
 * MaxScanSize: 100M to 400M
 * MaxFileSize: 25M to 100M
 * StreamMaxLength: 25M to 100M
 * PCREMaxFileSize: 25M to 100M
 * MaxEmbeddedPE: 10M to 40M
 * MaxHTMLNormalize: 10M to 40M
 * MaxScriptNormalize: 5M to 20M
 * MaxHTMLNoTags: 2M to 8M
 * Added image fuzzy hash subsignatures for logical signatures.
 * Support for decrypting read-only OLE2-based XLS files that are encrypted with the default password.
 * Overhauled the implementation of the all-match feature.
 * Added a new callback to the public API for inspecting file content during a scan at each layer of archive extraction.
 * Added a new function to the public API for unpacking CVD signature archives.
 * The option to build with an external TomsFastMath library has been removed. ClamAV requires non-default build options for TomsFastMath to support bigger floating point numbers.
 * For a full list of changes see the release announcements:
 * https://blog.clamav.net/2022/11/clamav-100-lts-released.html
 * https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
 * https://blog.clamav.net/2021/09/clamav-01040-released.html
 - Build clamd with systemd support.

 * CVE-2023-20197: Fixed a possible denial of service vulnerability in the HFS+ file parser. (bsc#1214342)
 * CVE-2018-14679: Fixed that an issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There isan off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized da (bsc#1103032)

 - Package huge .html documentation in a separate subpackage.

 - Update to 0.103.7 (bsc#1202986)

 - Zip parser: tolerate 2-byte overlap in file entries
 - Fix bug with logical signature Intermediates feature
 - Update to UnRAR v6.1.7
 - Patch UnRAR: allow skipping files in solid archives
 - Patch UnRAR: limit dict winsize to 1GB

 - Use a split-provides for clamav-milter instead of recommending it.
 - Package clamav-milter in a subpackage
 - Remove virus signatures upon uninstall
 - Check for database existence before starting clamd
 - Restart clamd when it exits
 - Don't daemonize freshclam, but use a systemd timer instead to trigger updates

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1102840

https://bugzilla.suse.com/1103032

https://bugzilla.suse.com/1180296

https://bugzilla.suse.com/1202986

https://bugzilla.suse.com/1211594

https://bugzilla.suse.com/1214342

https://bugzilla.suse.com/1232242

https://bugzilla.suse.com/1236307

http://www.nessus.org/u?8c045173

https://www.suse.com/security/cve/CVE-2018-14679

https://www.suse.com/security/cve/CVE-2023-20197

https://www.suse.com/security/cve/CVE-2024-20380

https://www.suse.com/security/cve/CVE-2024-20505

https://www.suse.com/security/cve/CVE-2024-20506

https://www.suse.com/security/cve/CVE-2025-20128

Plugin Details

Severity: Medium

ID: 214899

File Name: suse_SU-2025-0327-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2/3/2025

Updated: 2/3/2025

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2018-14679

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2024-20506

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:clamav-devel, p-cpe:/a:novell:suse_linux:clamav-milter, p-cpe:/a:novell:suse_linux:libclamav12, p-cpe:/a:novell:suse_linux:libclammspack0, p-cpe:/a:novell:suse_linux:libfreshclam3, p-cpe:/a:novell:suse_linux:clamav-docs-html, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:clamav

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/3/2025

Vulnerability Publication Date: 7/28/2018

Reference Information

CVE: CVE-2018-14679, CVE-2023-20197, CVE-2024-20380, CVE-2024-20505, CVE-2024-20506, CVE-2025-20128

IAVB: 2023-B-0062-S, 2024-B-0134

SuSE: SUSE-SU-2025:0327-1