Bug 984492 (CVE-2016-1405) - VUL-0: CVE-2016-1405: clamav: libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection(AMP) on Cisco Emai...
Summary: VUL-0: CVE-2016-1405: clamav: libclamav in ClamAV (aka Clam AntiVirus), as us...
Status: RESOLVED DUPLICATE of bug 978459
Alias: CVE-2016-1405
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Reinhard Max
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/169897/
Whiteboard: CVSSv2:NVD:CVE-2016-1405:5.0:(AV:N/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-13 16:03 UTC by Marcus Meissner
Modified: 2016-07-25 08:04 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2016-06-13 16:03:33 UTC 
CVE-2016-1405

libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection
(AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web
Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041,
allows remote attackers to cause a denial of service (AMP process restart) via a
crafted document, aka Bug ID CSCuv78533.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1405
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1405.html
https://github.com/vrtadmin/clamav-devel/blob/master/ChangeLog
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160531-wsa-esa
Comment 1 Marcus Meissner 2016-06-13 16:05:40 UTC 
basically fixed via the clamav 0.99.2 update in bug 978459, although it is not clear which one of the issues in changes it references.
Comment 2 Swamp Workflow Management 2016-06-13 22:04:41 UTC 
bugbot adjusting priority
Comment 3 Reinhard Max 2016-07-21 16:58:13 UTC 
How shall we continue with this?
Comment 4 Marcus Meissner 2016-07-25 08:04:03 UTC 
This problem has been fixed with the 0.99.2 clamav update.

*** This bug has been marked as a duplicate of bug 978459 ***