Debian Security Advisory

DLA-95-1 clamav -- LTS security update

Date Reported:
02 Dec 2014
Affected Packages:
clamav
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2014-9050, CVE-2013-6497.
More information:

Two bugs were discovered in clamav and are fixed by this release.

One issue is in clamscan, the command-line anti-virus scanner included in the package, which could crash when scanning certain files (CVE-2013-6497). The second issue is in libclamav, where scanning a specially crafted y0da Crypter obfuscated PE file caused a heap buffer overflow (CVE-2014-9050). Note that this is remotely exploitable when ClamAV is used as a mail gateway scanner.

For Debian 6 Squeeze, these issues have been fixed in clamav version 0.98.1+dfsg-1+deb6u4.

If you use clamav, we highly recommend that you upgrade to this version.