Updated clamav packages fix security vulnerabilities
Publication date: 26 Nov 2014Modification date: 26 Nov 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-6497 , CVE-2014-9050
Description
Certain javascript files causes ClamAV to segfault when scanned with the -a (list archived files) (CVE-2013-6497). A heap buffer overflow was reported in ClamAV when scanning a specially crafted y0da Crypter obfuscated PE file (CVE-2014-9050). ClamAV has been updated to version 0.98.5 to address these and other issues.
References
- https://bugs.mageia.org/show_bug.cgi?id=14608
- https://bugzilla.clamav.net/show_bug.cgi?id=11088
- http://blog.clamav.net/2014/11/clamav-0985-has-been-released.html
- http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014%3A217/
- http://openwall.com/lists/oss-security/2014/11/22/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6497
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9050
SRPMS
4/core
- clamav-0.98.5-1.mga4
3/core
- clamav-0.98.5-1.mga3