
[SECURITY] [DLA 95-1] clamav security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

[ this was initially sent on 2014-11-27, but did not reach the list
due to a mistake on my side ]

Package        : clamav
Version        : 0.98.1+dfsg-1+deb6u4
CVE ID         : CVE-2014-9050 CVE-2013-6497
Debian Bug     : #770985

Two bugs were discovered in clamav and are fixed by this release.

One issue is in clamscan, the command-line anti-virus scanner included
in the package, which could lead to crashes when scanning certain files
(CVE-2013-6497).
The second issue is in libclamav, which caused a heap buffer overflow
when scanning a specially crafted y0da Crypter obfuscated PE file
(CVE-2014-9050). Note that this is remotely exploitable when ClamAV is
used as a mail gateway scanner.

If you use clamav, we highly recommend that you upgrade to this version.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

