Advisories ยป MGASA-2015-0190

Updated clamav packages fix security vulnerabilities

Publication date: 05 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-2221 , CVE-2015-2222 , CVE-2015-2668 , CVE-2015-2305 , CVE-2015-2170


This updates fixes the following security issues:

Fix infinite loop condition on crafted y0da cryptor file. Identified and
patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221

Fix crash on crafted petite packed file. Reported and patch supplied by
Sebastian Andrzej Siewior. CVE-2015-2222.

Fix an infinite loop condition on a crafted "xz" archive file. This was
reported by Dimitri Kirchner and Goulven Guiheux.CVE-2015-2668

Apply upstream patch for possible heap overflow in Henry Spencer's regex
library. CVE-2015-2305

Fix crash in upx decoder with crafted file. Discovered and patch supplied
by Sebastian Andrzej Siewior. CVE-2015-2170