Debian Security Advisory

DLA-95-1 clamav -- LTS security update

Date Reported:
02 Dec 2014
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2014-9050, CVE-2013-6497.
More information:

Two bugs were discovered in clamav and are fixed by this release.

One issue is in clamscan, the command line anti-virus scanner included in the package, which could lead to crashes when scanning certain files (CVE-2013-6497). The second issue is in libclamav which caused a heap buffer overflow when scanning a specially crafted y0da Crypter obfuscated PE file (CVE-2014-9050). Note that this is remotely exploitable when ClamAV is used as a mail gateway scanner.

For Debian 6 Squeeze, these issues have been fixed in clamav version 0.98.1+dfsg-1+deb6u4

If you use clamav, we highly recommend that you upgrade to this version.