subject:"\[clamav\-users\] New ClamAV update\?"

Re: [clamav-users] New ClamAV update?

2017-07-03 Thread Joel Esler (jesler)

All the ones listed in that list are fixed if you are running the current 
version.

--
Joel Esler | Talos: Manager | jes...@cisco.com

On Jul 3, 2017, at 9:54 AM, Mark Foley 
> wrote:

On Sun, 02 Jul 2017 11:25:34 -0700 Al Varnell 
> wrote
On Jul 2, 2017, at 7:44 AM, Mark Foley wrote:
On Jun 29, 2017, at 5:10 PM, Al Varnell wrote:
The list of CVE's known to apply to ClamAV can be found here:
.

I've check that known CVE list. That's a great link! Is there something on that
list indicating whether the vulnerability has been addressed? The last 3 columns
are "Conf.", "Integ." "Avail.", having values of "None" and "Partial". I can't
interpret the meaning of these and I find no legend on the page describing them.

How can I determine the resolution status?

--Mark

You will need to look each one up on either:

or

-Al-
--
Al Varnell
Mountain View, CA

Thanks Al. Looking each one up is something I'm unlikely to do. Too bad the
authors of that page don't periodically update an otherwise fine list with
resolution status.

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] New ClamAV update?

2017-07-03 Thread Mark Foley

 On Sun, 02 Jul 2017 11:25:34 -0700 Al Varnell  wrote
> On Jul 2, 2017, at 7:44 AM, Mark Foley wrote:
> > On Jun 29, 2017, at 5:10 PM, Al Varnell wrote:
> >> The list of CVE's known to apply to ClamAV can be found here:
> >> .
> > 
> > I've check that known CVE list. That's a great link! Is there something on 
> > that
> > list indicating whether the vulnerability has been addressed? The last 3 
> > columns
> > are "Conf.", "Integ." "Avail.", having values of "None" and "Partial". I 
> > can't
> > interpret the meaning of these and I find no legend on the page describing 
> > them.
> > 
> > How can I determine the resolution status?
> > 
> > --Mark
>
> You will need to look each one up on either:
>
> 
> or
> 
>
> -Al-
> -- 
> Al Varnell
> Mountain View, CA

Thanks Al. Looking each one up is something I'm unlikely to do. Too bad the
authors of that page don't periodically update an otherwise fine list with
resolution status.

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] New ClamAV update?

2017-07-02 Thread Al Varnell

On Jul 2, 2017, at 7:44 AM, Mark Foley wrote:
> On Jun 29, 2017, at 5:10 PM, Al Varnell wrote:
>> The list of CVE's known to apply to ClamAV can be found here:
>> .
> 
> I've check that known CVE list. That's a great link! Is there something on 
> that
> list indicating whether the vulnerability has been addressed? The last 3 
> columns
> are "Conf.", "Integ." "Avail.", having values of "None" and "Partial". I can't
> interpret the meaning of these and I find no legend on the page describing 
> them.
> 
> How can I determine the resolution status?
> 
> --Mark

You will need to look each one up on either:


or


-Al-
-- 
Al Varnell
Mountain View, CA




___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] New ClamAV update?

2017-07-02 Thread Mark Foley

On Jun 29, 2017, at 5:10 PM, Al Varnell 
> wrote:

> The list of CVE's known to apply to ClamAV can be found here:
> .

I've check that known CVE list. That's a great link! Is there something on that
list indicating whether the vulnerability has been addressed? The last 3 columns
are "Conf.", "Integ." "Avail.", having values of "None" and "Partial". I can't
interpret the meaning of these and I find no legend on the page describing them.

How can I determine the resolution status?

--Mark
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] New ClamAV update?

2017-07-01 Thread Joel Esler (jesler)

We are currently planning on 0.99.3 coming out near the end of July.


--
Joel Esler | Talos: Manager | jes...@cisco.com






On Jun 29, 2017, at 5:10 PM, Al Varnell 
> wrote:

CVE-2012-6706 concerns a VMSF_DELTA memory corruption was discovered in unrar 
before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 
3.37.2 and other products, that can lead to arbitrary code execution.
.

The list of CVE's known to apply to ClamAV can be found here:
.

The latest scan engine is correctly shown as 0.99.2, which I believe was 
released over a year ago (May 2016).

-Al-

On Thu, Jun 29, 2017 at 11:25 AM, Paul Kosinski wrote:

I just got a security notice from SuSE talking about updating ClamAV.
The CVE looks quite old: is SuSE so far behind, or is there something
recent to worry about?



 SUSE Security Update: Security update for clamav
__

Announcement ID:SUSE-SU-2017:1716-1
Rating: important
References: #1040662 #1045490
Cross-References:   CVE-2012-6706
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server for SAP 12
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Server 12-SP1-LTSS
  SUSE Linux Enterprise Server 12-LTSS
  SUSE Linux Enterprise Desktop 12-SP2
__

 An update that solves one vulnerability and has one errata
 is now available.

Description:


 This update for clamav fixes the following issues:

 Security issue fixed:

 - CVE-2012-6706: Fixed an arbitrary memory write in VMSF_DELTA filter in
   libclamunrar (bsc#1045490)

 Non security issues fixed:

 - Provide and obsolete clamav-nodb to trigger its removal in openSUSE
   Leap. (bsc#1040662)


Patch Instructions:

 To install this SUSE Security Update use YaST online_update.
 Alternatively you can run the command listed for your product:

 - SUSE Linux Enterprise Server for SAP 12-SP1:

zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1069=1

 - SUSE Linux Enterprise Server for SAP 12:

zypper in -t patch SUSE-SLE-SAP-12-2017-1069=1

 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1069=1

 - SUSE Linux Enterprise Server 12-SP2:

zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1069=1

 - SUSE Linux Enterprise Server 12-SP1-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1069=1

 - SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1069=1

 - SUSE Linux Enterprise Desktop 12-SP2:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1069=1

 To bring your system up-to-date, use "zypper patch".


Package List:

 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

clamav-0.99.2-32.1
clamav-debuginfo-0.99.2-32.1
clamav-debugsource-0.99.2-32.1

 - SUSE Linux Enterprise Server for SAP 12 (x86_64):

clamav-0.99.2-32.1
clamav-debuginfo-0.99.2-32.1
clamav-debugsource-0.99.2-32.1

 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

clamav-0.99.2-32.1
clamav-debuginfo-0.99.2-32.1
clamav-debugsource-0.99.2-32.1

 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

clamav-0.99.2-32.1
clamav-debuginfo-0.99.2-32.1
clamav-debugsource-0.99.2-32.1

 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

clamav-0.99.2-32.1
clamav-debuginfo-0.99.2-32.1
clamav-debugsource-0.99.2-32.1

 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

clamav-0.99.2-32.1
clamav-debuginfo-0.99.2-32.1
clamav-debugsource-0.99.2-32.1

 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

clamav-0.99.2-32.1
clamav-debuginfo-0.99.2-32.1
clamav-debugsource-0.99.2-32.1


References:

 https://www.suse.com/security/cve/CVE-2012-6706.html
 https://bugzilla.suse.com/1040662
 https://bugzilla.suse.com/1045490
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:

Re: [clamav-users] New ClamAV update?

2017-06-29 Thread Al Varnell

CVE-2012-6706 concerns a VMSF_DELTA memory corruption was discovered in unrar 
before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 
3.37.2 and other products, that can lead to arbitrary code execution.
.

The list of CVE's known to apply to ClamAV can be found here:
.

The latest scan engine is correctly shown as 0.99.2, which I believe was 
released over a year ago (May 2016).

-Al-

On Thu, Jun 29, 2017 at 11:25 AM, Paul Kosinski wrote:
> 
> I just got a security notice from SuSE talking about updating ClamAV.
> The CVE looks quite old: is SuSE so far behind, or is there something
> recent to worry about?
> 
> 
> 
>   SUSE Security Update: Security update for clamav
> __
> 
> Announcement ID:SUSE-SU-2017:1716-1
> Rating: important
> References: #1040662 #1045490 
> Cross-References:   CVE-2012-6706
> Affected Products:
>SUSE Linux Enterprise Server for SAP 12-SP1
>SUSE Linux Enterprise Server for SAP 12
>SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
>SUSE Linux Enterprise Server 12-SP2
>SUSE Linux Enterprise Server 12-SP1-LTSS
>SUSE Linux Enterprise Server 12-LTSS
>SUSE Linux Enterprise Desktop 12-SP2
> __
> 
>   An update that solves one vulnerability and has one errata
>   is now available.
> 
> Description:
> 
> 
>   This update for clamav fixes the following issues:
> 
>   Security issue fixed:
> 
>   - CVE-2012-6706: Fixed an arbitrary memory write in VMSF_DELTA filter in
> libclamunrar (bsc#1045490)
> 
>   Non security issues fixed:
> 
>   - Provide and obsolete clamav-nodb to trigger its removal in openSUSE
> Leap. (bsc#1040662)
> 
> 
> Patch Instructions:
> 
>   To install this SUSE Security Update use YaST online_update.
>   Alternatively you can run the command listed for your product:
> 
>   - SUSE Linux Enterprise Server for SAP 12-SP1:
> 
>  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1069=1
> 
>   - SUSE Linux Enterprise Server for SAP 12:
> 
>  zypper in -t patch SUSE-SLE-SAP-12-2017-1069=1
> 
>   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
> 
>  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1069=1
> 
>   - SUSE Linux Enterprise Server 12-SP2:
> 
>  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1069=1
> 
>   - SUSE Linux Enterprise Server 12-SP1-LTSS:
> 
>  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1069=1
> 
>   - SUSE Linux Enterprise Server 12-LTSS:
> 
>  zypper in -t patch SUSE-SLE-SERVER-12-2017-1069=1
> 
>   - SUSE Linux Enterprise Desktop 12-SP2:
> 
>  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1069=1
> 
>   To bring your system up-to-date, use "zypper patch".
> 
> 
> Package List:
> 
>   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
> 
>  clamav-0.99.2-32.1
>  clamav-debuginfo-0.99.2-32.1
>  clamav-debugsource-0.99.2-32.1
> 
>   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
> 
>  clamav-0.99.2-32.1
>  clamav-debuginfo-0.99.2-32.1
>  clamav-debugsource-0.99.2-32.1
> 
>   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
> 
>  clamav-0.99.2-32.1
>  clamav-debuginfo-0.99.2-32.1
>  clamav-debugsource-0.99.2-32.1
> 
>   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
> 
>  clamav-0.99.2-32.1
>  clamav-debuginfo-0.99.2-32.1
>  clamav-debugsource-0.99.2-32.1
> 
>   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
> 
>  clamav-0.99.2-32.1
>  clamav-debuginfo-0.99.2-32.1
>  clamav-debugsource-0.99.2-32.1
> 
>   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
> 
>  clamav-0.99.2-32.1
>  clamav-debuginfo-0.99.2-32.1
>  clamav-debugsource-0.99.2-32.1
> 
>   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
> 
>  clamav-0.99.2-32.1
>  clamav-debuginfo-0.99.2-32.1
>  clamav-debugsource-0.99.2-32.1
> 
> 
> References:
> 
>   https://www.suse.com/security/cve/CVE-2012-6706.html
>   https://bugzilla.suse.com/1040662
>   https://bugzilla.suse.com/1045490


smime.p7s
Description: S/MIME cryptographic signature
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] New ClamAV update?

2017-06-29 Thread Paul Kosinski

I just got a security notice from SuSE talking about updating ClamAV.
The CVE looks quite old: is SuSE so far behind, or is there something
recent to worry about?



   SUSE Security Update: Security update for clamav
__

Announcement ID:SUSE-SU-2017:1716-1
Rating: important
References: #1040662 #1045490 
Cross-References:   CVE-2012-6706
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server for SAP 12
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Desktop 12-SP2
__

   An update that solves one vulnerability and has one errata
   is now available.

Description:


   This update for clamav fixes the following issues:

   Security issue fixed:

   - CVE-2012-6706: Fixed an arbitrary memory write in VMSF_DELTA filter in
 libclamunrar (bsc#1045490)

   Non security issues fixed:

   - Provide and obsolete clamav-nodb to trigger its removal in openSUSE
 Leap. (bsc#1040662)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1069=1

   - SUSE Linux Enterprise Server for SAP 12:

  zypper in -t patch SUSE-SLE-SAP-12-2017-1069=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1069=1

   - SUSE Linux Enterprise Server 12-SP2:

  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1069=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1069=1

   - SUSE Linux Enterprise Server 12-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-2017-1069=1

   - SUSE Linux Enterprise Desktop 12-SP2:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1069=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

  clamav-0.99.2-32.1
  clamav-debuginfo-0.99.2-32.1
  clamav-debugsource-0.99.2-32.1

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

  clamav-0.99.2-32.1
  clamav-debuginfo-0.99.2-32.1
  clamav-debugsource-0.99.2-32.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

  clamav-0.99.2-32.1
  clamav-debuginfo-0.99.2-32.1
  clamav-debugsource-0.99.2-32.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

  clamav-0.99.2-32.1
  clamav-debuginfo-0.99.2-32.1
  clamav-debugsource-0.99.2-32.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

  clamav-0.99.2-32.1
  clamav-debuginfo-0.99.2-32.1
  clamav-debugsource-0.99.2-32.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

  clamav-0.99.2-32.1
  clamav-debuginfo-0.99.2-32.1
  clamav-debugsource-0.99.2-32.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

  clamav-0.99.2-32.1
  clamav-debuginfo-0.99.2-32.1
  clamav-debugsource-0.99.2-32.1


References:

   https://www.suse.com/security/cve/CVE-2012-6706.html
   https://bugzilla.suse.com/1040662
   https://bugzilla.suse.com/1045490
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] New ClamAV update?

Re: [clamav-users] New ClamAV update?

Re: [clamav-users] New ClamAV update?

Re: [clamav-users] New ClamAV update?

Re: [clamav-users] New ClamAV update?

Re: [clamav-users] New ClamAV update?

[clamav-users] New ClamAV update?

7 matches

Site Navigation

Mail list logo

Footer information