Updated clamav packages fix security vulnerability
Publication date: 27 Nov 2016Modification date: 27 Nov 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1371 , CVE-2016-1372 , CVE-2016-1405
Description
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable (CVE-2016-1371). ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file (CVE-2016-1372). libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document (CVE-2016-1405). The clavav package has been updated to version 0.99.2, fixing these issues and other bugs. See the upstream release announcements for details.
References
SRPMS
5/core
- clamav-0.99.2-1.mga5