Advisories ยป MGASA-2014-0487

Updated clamav packages fix security vulnerabilities

Publication date: 26 Nov 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-6497 , CVE-2014-9050

Description

Certain javascript files causes ClamAV to segfault when scanned with
the -a (list archived files) (CVE-2013-6497).

A heap buffer overflow was reported in ClamAV when scanning a specially
crafted y0da Crypter obfuscated PE file (CVE-2014-9050).

ClamAV has been updated to version 0.98.5 to address these and other issues.
                

References

SRPMS

3/core

4/core