Debian Security Advisory
DLA-95-1 clamav -- LTS security update
- Date Reported:
- 02 Dec 2014
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-9050, CVE-2013-6497.
- More information:
Two bugs were discovered in clamav and are fixed by this release.
One issue is in clamscan, the command line anti-virus scanner included in the package, which could lead to crashes when scanning certain files (CVE-2013-6497). The second issue is in libclamav which caused a heap buffer overflow when scanning a specially crafted y0da Crypter obfuscated PE file (CVE-2014-9050). Note that this is remotely exploitable when ClamAV is used as a mail gateway scanner.
For Debian 6
Squeeze, these issues have been fixed in clamav version 0.98.1+dfsg-1+deb6u4
If you use clamav, we highly recommend that you upgrade to this version.