Advisories » MGASA-2016-0402

Updated clamav packages fix security vulnerability

Publication date: 27 Nov 2016
Modification date: 27 Nov 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-1371, CVE-2016-1372, CVE-2016-1405

Description

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause
a denial of service (application crash) via a crafted mew packer
executable (CVE-2016-1371).

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause
a denial of service (application crash) via a crafted 7z file
(CVE-2016-1372).

libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware
Protection (AMP) on Cisco Email Security Appliance (ESA) devices before
9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and
9.1.x before 9.1.1-041, allows remote attackers to cause a denial of
service (AMP process restart) via a crafted document (CVE-2016-1405).

The clamav package has been updated to version 0.99.2, fixing these issues
and other bugs. See the upstream release announcements for details.
                

References

SRPMS

5/core