Advisories » MGASA-2016-0402

Updated clamav packages fix security vulnerability

Publication date: 27 Nov 2016
Modification date: 27 Nov 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1371 , CVE-2016-1372 , CVE-2016-1405

Description

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause
a denial of service (application crash) via a crafted mew packer
executable (CVE-2016-1371).

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause
a denial of service (application crash) via a crafted 7z file
(CVE-2016-1372).

libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware
Protection (AMP) on Cisco Email Security Appliance (ESA) devices before
9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and
9.1.x before 9.1.1-041, allows remote attackers to cause a denial of
service (AMP process restart) via a crafted document (CVE-2016-1405).

The clavav package has been updated to version 0.99.2, fixing these issues
and other bugs. See the upstream release announcements for details.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19495
• https://www.ubuntu.com/usn/usn-3093-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1371
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1372
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1405

SRPMS

5/core

• clamav-0.99.2-1.mga5