Advisories » MGASA-2015-0056

Updated clamav packages fix security vulnerabilities

Publication date: 09 Feb 2015
Modification date: 09 Feb 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9328

Description

ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being
security bugs:

Fix a heap out of bounds condition with crafted Yoda's crypter files.
This issue was discovered by Felix Groebert of the Google Security Team.

Fix a heap out of bounds condition with crafted mew packer files.
This issue was discovered by Felix Groebert of the Google Security Team.

Fix a heap out of bounds condition with crafted upx packer files.
This issue was discovered by Kevin Szkudlapski of Quarkslab.

Fix a heap out of bounds condition with crafted upack packer files.
This issue was discovered by Sebastian Andrzej Siewior (CVE-2014-9328).

Compensate a crash due to incorrect compiler optimization when handling crafted
petite packer files. This issue was discovered by Sebastian Andrzej Siewior.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15155
• http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9328

SRPMS

4/core

• clamav-0.98.6-1.mga4