Advisories ยป MGASA-2015-0056

Updated clamav packages fix security vulnerabilities

Publication date: 09 Feb 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9328

Description

ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being
security bugs:

Fix a heap out of bounds condition with crafted Yoda's crypter files.
This issue was discovered by Felix Groebert of the Google Security Team.

Fix a heap out of bounds condition with crafted mew packer files.
This issue was discovered by Felix Groebert of the Google Security Team.

Fix a heap out of bounds condition with crafted upx packer files.
This issue was discovered by Kevin Szkudlapski of Quarkslab.

Fix a heap out of bounds condition with crafted upack packer files.
This issue was discovered by Sebastian Andrzej Siewior (CVE-2014-9328).

Compensate a crash due to incorrect compiler optimization when handling crafted
petite packer files. This issue was discovered by Sebastian Andrzej Siewior.
                

References

SRPMS

4/core