Updated clamav packages fix security vulnerabilities
Publication date: 05 May 2015Modification date: 05 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-2221 , CVE-2015-2222 , CVE-2015-2668 , CVE-2015-2305 , CVE-2015-2170
Description
This updates fixes the following security issues:
Fix infinite loop condition on crafted y0da cryptor file. Identified and
patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221
Fix crash on crafted petite packed file. Reported and patch supplied by
Sebastian Andrzej Siewior. CVE-2015-2222.
Fix an infinite loop condition on a crafted "xz" archive file. This was
reported by Dimitri Kirchner and Goulven Guiheux.CVE-2015-2668
Apply upstream patch for possible heap overflow in Henry Spencer's regex
library. CVE-2015-2305
Fix crash in upx decoder with crafted file. Discovered and patch supplied
by Sebastian Andrzej Siewior. CVE-2015-2170
References
- https://bugs.mageia.org/show_bug.cgi?id=15792
- http://openwall.com/lists/oss-security/2015/05/03/1
- http://openwall.com/lists/oss-security/2015/05/03/2
- http://openwall.com/lists/oss-security/2015/05/03/3
- http://openwall.com/lists/oss-security/2015/05/03/4
- http://openwall.com/lists/oss-security/2015/05/03/5
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2221
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2222
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2668
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2170
SRPMS
4/core
- clamav-0.98.7-1.mga4