Advisories » MGASA-2017-0291

Updated clamav packages fix security vulnerabilities

Publication date: 21 Aug 2017
Modification date: 21 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-6418 , CVE-2017-6420

Description

It was discovered that ClamAV incorrectly handled parsing certain e-mail
messages. A remote attacker could possibly use this issue to cause
ClamAV to crash, resulting in a denial of service (CVE-2017-6418).

It was discovered that ClamAV incorrectly handled parsing certain PE
files with WWPack compression. A remote attacker could possibly use this
issue to cause ClamAV to crash, resulting in a denial of service
(CVE-2017-6420).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21555
• https://usn.ubuntu.com/usn/usn-3393-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6418
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6420

SRPMS

5/core

• clamav-0.99.2-1.1.mga5

6/core

• clamav-0.99.2-2.2.mga6