# Security update for clamav

Announcement ID: SUSE-SU-2025:0325-1  
Release Date: 2025-02-03T09:39:26Z  
Rating: important  
References:

  * bsc#1102840
  * bsc#1103032
  * bsc#1180296
  * bsc#1202986
  * bsc#1211594
  * bsc#1214342
  * bsc#1232242
  * bsc#1236307
  * jsc#PED-4596
  * jsc#SMO-494
  * jsc#SMO-495

  
Cross-References:

  * CVE-2018-14679
  * CVE-2023-20197
  * CVE-2024-20380
  * CVE-2024-20505
  * CVE-2024-20506
  * CVE-2025-20128

  
CVSS scores:

  * CVE-2018-14679 ( SUSE ):  4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
  * CVE-2018-14679 ( NVD ):  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2023-20197 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-20197 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-20380 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-20505 ( SUSE ):  8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-20505 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-20505 ( NVD ):  4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2024-20505 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-20506 ( SUSE ):  6.8
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2024-20506 ( SUSE ):  6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
  * CVE-2024-20506 ( NVD ):  6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
  * CVE-2024-20506 ( NVD ):  6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
  * CVE-2025-20128 ( SUSE ):  6.8
    CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-20128 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2025-20128 ( NVD ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-20128 ( NVD ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

  
Affected Products:

  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP5 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that solves six vulnerabilities, contains three features and has two
security fixes can now be installed.

## Description:

This update for clamav fixes the following issues:

New version 1.4.2:

  * CVE-2025-20128, bsc#1236307: Fixed a possible buffer overflow read bug in
    the OLE2 file parser that could cause a denial-of-service (DoS) condition.

  * Start clamonacc with --fdpass to avoid errors due to clamd not being able to
    access user files. (bsc#1232242)

  * New version 1.4.1:

  * https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html

  * New version 1.4.0:

  * Added support for extracting ALZ archives.

  * Added support for extracting LHA/LZH archives.
  * Added the ability to disable image fuzzy hashing, if needed. For context,
    image fuzzy hashing is a detection mechanism useful for identifying malware
    by matching images included with the malware or phishing email/document.
  * https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html

  * New version 1.3.2:

  * CVE-2024-20506: Changed the logging module to disable following symlinks on
    Linux and Unix systems so as to prevent an attacker with existing access to
    the 'clamd' or 'freshclam' services from using a symlink to corrupt system
    files.

  * CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file
    parser that could cause a denial-of-service condition.
  * Removed unused Python modules from freshclam tests including deprecated
    'cgi' module that is expected to cause test failures in Python 3.13.
  * Fix unit test caused by expiring signing certificate.
  * Fixed a build issue on Windows with newer versions of Rust. Also upgraded
    GitHub Actions imports to fix CI failures.
  * Fixed an unaligned pointer dereference issue on select architectures.
  * Fixes to Jenkins CI pipeline.

  * New Version: 1.3.1:

  * CVE-2024-20380: Fixed a possible crash in the HTML file parser that could
    cause a denial-of-service (DoS) condition.

  * Updated select Rust dependencies to the latest versions.
  * Fixed a bug causing some text to be truncated when converting from UTF-16.
  * Fixed assorted complaints identified by Coverity static analysis.
  * Fixed a bug causing CVDs downloaded by the DatabaseCustomURL
  * Added the new 'valhalla' database name to the list of optional databases in
    preparation for future work.

  * New version: 1.3.0:

  * Added support for extracting and scanning attachments found in Microsoft
    OneNote section files. OneNote parsing will be enabled by default, but may
    be optionally disabled.

  * Added file type recognition for compiled Python ('.pyc') files.
  * Improved support for decrypting PDFs with empty passwords.
  * Fixed a warning when scanning some HTML files.
  * ClamOnAcc: Fixed an infinite loop when a watched directory does not exist.
  * ClamOnAcc: Fixed an infinite loop when a file has been deleted before a
    scan.

  * New version: 1.2.0:

  * Added support for extracting Universal Disk Format (UDF) partitions.

  * Added an option to customize the size of ClamAV's clean file cache.
  * Raised the MaxScanSize limit so the total amount of data scanned when
    scanning a file or archive may exceed 4 gigabytes.
  * Added ability for Freshclam to use a client certificate PEM file and a
    private key PEM file for authentication to a private mirror.
  * Fix an issue extracting files from ISO9660 partitions where the files are
    listed in the plain ISO tree and there also exists an empty Joliet tree.
  * PID and socket are now located under /run/clamav/clamd.pid and
    /run/clamav/clamd.sock .
  * bsc#1211594: Fixed an issue where ClamAV does not abort the signature load
    process after partially loading an invalid signature.

  * New version 1.1.0:

  * https://blog.clamav.net/2023/05/clamav-110-released.html

  * Added the ability to extract images embedded in HTML CSS

SUSE: 2025:0325-1 important: clamav Security Advisory Updates

February 3, 2025
* bsc#1102840 * bsc#1103032 * bsc#1180296 * bsc#1202986 * bsc#1211594

Summary

## This update for clamav fixes the following issues: New version 1.4.2: * CVE-2025-20128, bsc#1236307: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. * Start clamonacc with --fdpass to avoid errors due to clamd not being able to access user files. (bsc#1232242) * New version 1.4.1: * https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html * New version 1.4.0: * Added support for extracting ALZ archives. * Added support for extracting LHA/LZH archives. * Added the ability to disable image fuzzy hashing, if needed. For context, image fuzzy hashing is a detection mechanism useful for identifying malware by matching images included with the malware or phishing email/document. * https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html * New version 1.3.2: * CVE-2024-20506: Changed the logging module to disable following symlinks...

Read the Full Advisory

References

* bsc#1102840

* bsc#1103032

* bsc#1180296

* bsc#1202986

* bsc#1211594

* bsc#1214342

* bsc#1232242

* bsc#1236307

* jsc#PED-4596

* jsc#SMO-494

* jsc#SMO-495

Cross-

* CVE-2018-14679

* CVE-2023-20197

* CVE-2024-20380

* CVE-2024-20505

* CVE-2024-20506

* CVE-2025-20128

CVSS scores:

* CVE-2018-14679 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

* CVE-2018-14679 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2023-20197 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-20197 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-20380 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-20505 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-20505 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-20505 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2024-20505 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/U...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2025:0325-1
Release Date: 2025-02-03T09:39:26Z
Rating: important

Related News

Parrot OS 6.3: Elevating Security with Enhanced Features & Tools
3 - 5 min read
Parrot OS 6.3 has just arrived , bringing crucial updates that security admins should note. This latest version of the popular secure Linux
Linux Kernel 6.14 Released: Top Security Features You Need to Know
3 - 6 min read
With the release of Linux kernel 6.14 , admins and Linux users have many new features and enhancements to look forward to - especially in the realm
Don
2 - 4 min read
Google recently issued a crucial Chrome update that those using a version of the browser prior to version 132.0.6834.110 should implement
Intel Brings Next-Level Security to Linux with Partner Security Engine
3 - 6 min read
Intel recently introduced a game-changer in hardware security with its new Partner Security Engine integrated into the Core Ultra Series 2. This
A Tiny Linux Kernel Tweak with Massive Implications for Datacenter Efficiency
3 - 6 min read
In a groundbreaking development, security researchers have introduced a small but mighty tweak to the Linux kernel that promises to cut data center
Best Practices for Securing Linux Systems Against Malicious Bots
3 - 6 min read
Linux systems have long been an indispensable asset to businesses and individuals alike. From running servers and cloud infrastructure to powering
Securing Open-Source Projects with Automated Testing on Linux
4 - 7 min read
Open-source project security testing focuses on many components, ensuring there are no safety vulnerabilities. These components include physical
KaOS Linux 2025.01: Merging Security with Practicality
3 - 6 min read
As the realm of Linux distribution expands, security admins find themselves faced with choosing a system that fits operational needs and upholds

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved