An update for clamav is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1508 Final 1.0 1.0 2022-01-28 Initial 2022-01-28 2022-01-28 openEuler SA Tool V1.0 2022-01-28 clamav security update An update for clamav is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3. End-user tools for the Clam Antivirus scanner. Security Fix(es): A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.(CVE-2022-20698) An update for clamav is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High clamav https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1508 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-20698 https://nvd.nist.gov/vuln/detail/CVE-2022-20698 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 clamav-debugsource-0.103.2-4.oe1.aarch64.rpm clamd-0.103.2-4.oe1.aarch64.rpm clamav-milter-0.103.2-4.oe1.aarch64.rpm clamav-debuginfo-0.103.2-4.oe1.aarch64.rpm clamav-help-0.103.2-4.oe1.aarch64.rpm clamav-update-0.103.2-4.oe1.aarch64.rpm clamav-devel-0.103.2-4.oe1.aarch64.rpm clamav-0.103.2-4.oe1.aarch64.rpm clamav-update-0.103.2-4.oe1.aarch64.rpm clamav-debuginfo-0.103.2-4.oe1.aarch64.rpm clamav-milter-0.103.2-4.oe1.aarch64.rpm clamav-devel-0.103.2-4.oe1.aarch64.rpm clamd-0.103.2-4.oe1.aarch64.rpm clamav-0.103.2-4.oe1.aarch64.rpm clamav-help-0.103.2-4.oe1.aarch64.rpm clamav-debugsource-0.103.2-4.oe1.aarch64.rpm clamd-0.103.2-5.oe1.aarch64.rpm clamav-0.103.2-5.oe1.aarch64.rpm clamav-debuginfo-0.103.2-5.oe1.aarch64.rpm clamav-devel-0.103.2-5.oe1.aarch64.rpm clamav-update-0.103.2-5.oe1.aarch64.rpm clamav-help-0.103.2-5.oe1.aarch64.rpm clamav-milter-0.103.2-5.oe1.aarch64.rpm clamav-debugsource-0.103.2-5.oe1.aarch64.rpm clamav-filesystem-0.103.2-4.oe1.noarch.rpm clamav-data-0.103.2-4.oe1.noarch.rpm clamav-data-0.103.2-4.oe1.noarch.rpm clamav-filesystem-0.103.2-4.oe1.noarch.rpm clamav-data-0.103.2-5.oe1.noarch.rpm clamav-filesystem-0.103.2-5.oe1.noarch.rpm clamav-0.103.2-4.oe1.src.rpm clamav-0.103.2-4.oe1.src.rpm clamav-0.103.2-5.oe1.src.rpm clamav-debuginfo-0.103.2-4.oe1.x86_64.rpm clamav-milter-0.103.2-4.oe1.x86_64.rpm clamd-0.103.2-4.oe1.x86_64.rpm clamav-update-0.103.2-4.oe1.x86_64.rpm clamav-devel-0.103.2-4.oe1.x86_64.rpm clamav-debugsource-0.103.2-4.oe1.x86_64.rpm clamav-0.103.2-4.oe1.x86_64.rpm clamav-help-0.103.2-4.oe1.x86_64.rpm clamav-debugsource-0.103.2-4.oe1.x86_64.rpm clamav-milter-0.103.2-4.oe1.x86_64.rpm clamav-devel-0.103.2-4.oe1.x86_64.rpm clamav-help-0.103.2-4.oe1.x86_64.rpm clamav-0.103.2-4.oe1.x86_64.rpm clamav-debuginfo-0.103.2-4.oe1.x86_64.rpm clamd-0.103.2-4.oe1.x86_64.rpm clamav-update-0.103.2-4.oe1.x86_64.rpm clamav-help-0.103.2-5.oe1.x86_64.rpm clamd-0.103.2-5.oe1.x86_64.rpm clamav-devel-0.103.2-5.oe1.x86_64.rpm clamav-update-0.103.2-5.oe1.x86_64.rpm clamav-debugsource-0.103.2-5.oe1.x86_64.rpm clamav-milter-0.103.2-5.oe1.x86_64.rpm clamav-0.103.2-5.oe1.x86_64.rpm clamav-debuginfo-0.103.2-5.oe1.x86_64.rpm A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. 2022-01-28 CVE-2022-20698 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H clamav security update 2022-01-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1508