SUSE-SU-2015:0882-2

Advisory lineage Upstream: 5 Downstream: 0
Published: 11 May 2015, 07:27
Last modified:04 Feb 2026, 04:37

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

11 May 2015, 07:27
Published
Vulnerability first disclosed
04 Feb 2026, 04:37
Last Modified
Vulnerability information updated

Description

Security update for clamav The ClamAV antivirus engine was updated to version 0.98.7 to fix several security and non security issues. The following vulnerabilities were fixed (bsc#929192): * CVE-2015-2170: Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian Andrzej Siewior. * CVE-2015-2221: Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. * CVE-2015-2222: Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior. * CVE-2015-2668: Fix an infinite loop condition on a crafted 'xz' archive file. This was reported by Dimitri Kirchner and Goulven Guiheux. * CVE-2015-2305: Apply upstream patch for possible heap overflow in Henry Spencer's regex library.

Affected Systems

  • suseclamav&distro=SUSE Linux Enterprise Desktop 12

    < 0.98.7-13.1

  • suseclamav&distro=SUSE Linux Enterprise Server 12

    < 0.98.7-13.1

  • suseclamav&distro=SUSE Linux Enterprise Server for SAP Applications 12

    < 0.98.7-13.1

References (7)